Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-35579 (GCVE-0-2026-35579)
Vulnerability from cvelistv5 – Published: 2026-05-05 20:29 – Updated: 2026-05-06 14:30
VLAI
EPSS
Title
CoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports
Summary
CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, the gRPC, QUIC, DoH, and DoH3 transport implementations incorrectly handle TSIG authentication. For gRPC and QUIC, the server checks whether the TSIG key name exists in the configuration but never calls dns.TsigVerify() to validate the HMAC. If the key name matches a configured key, the tsigStatus field remains nil and the tsig plugin treats the request as successfully authenticated regardless of the MAC value. For DoH and DoH3, the issue is more severe: the DoHWriter.TsigStatus() method unconditionally returns nil, and the server never inspects the TSIG record at all. Any request containing a TSIG record is treated as authenticated over DoH and DoH3, even if the key name is invalid and the MAC is arbitrary.
An unauthenticated network attacker can exploit this to bypass TSIG-protected functionality such as AXFR/IXFR zone transfers, dynamic DNS updates, or other TSIG-gated plugin behavior. The DoH and DoH3 variants have a lower exploitation bar because the attacker does not need to know a valid TSIG key name.
This issue has been fixed in version 1.14.3. As a workaround, disable gRPC, QUIC, DoH, and DoH3 listeners where TSIG authentication is required, or restrict network-level access to affected transport ports to trusted sources only.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/coredns/coredns/security/advis… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-35579",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-06T14:30:00.602863Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T14:30:35.454Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-vp29-5652-4fw9"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "coredns",
"vendor": "coredns",
"versions": [
{
"status": "affected",
"version": "\u003c 1.14.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, the gRPC, QUIC, DoH, and DoH3 transport implementations incorrectly handle TSIG authentication. For gRPC and QUIC, the server checks whether the TSIG key name exists in the configuration but never calls dns.TsigVerify() to validate the HMAC. If the key name matches a configured key, the tsigStatus field remains nil and the tsig plugin treats the request as successfully authenticated regardless of the MAC value. For DoH and DoH3, the issue is more severe: the DoHWriter.TsigStatus() method unconditionally returns nil, and the server never inspects the TSIG record at all. Any request containing a TSIG record is treated as authenticated over DoH and DoH3, even if the key name is invalid and the MAC is arbitrary.\n\nAn unauthenticated network attacker can exploit this to bypass TSIG-protected functionality such as AXFR/IXFR zone transfers, dynamic DNS updates, or other TSIG-gated plugin behavior. The DoH and DoH3 variants have a lower exploitation bar because the attacker does not need to know a valid TSIG key name.\n\nThis issue has been fixed in version 1.14.3. As a workaround, disable gRPC, QUIC, DoH, and DoH3 listeners where TSIG authentication is required, or restrict network-level access to affected transport ports to trusted sources only."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T20:29:16.903Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/coredns/coredns/security/advisories/GHSA-vp29-5652-4fw9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-vp29-5652-4fw9"
}
],
"source": {
"advisory": "GHSA-vp29-5652-4fw9",
"discovery": "UNKNOWN"
},
"title": "CoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-35579",
"datePublished": "2026-05-05T20:29:16.903Z",
"dateReserved": "2026-04-03T20:09:02.827Z",
"dateUpdated": "2026-05-06T14:30:35.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-35579",
"date": "2026-06-16",
"epss": "0.00445",
"percentile": "0.3528"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-35579\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-05-05T21:16:22.247\",\"lastModified\":\"2026-05-08T15:58:53.173\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, the gRPC, QUIC, DoH, and DoH3 transport implementations incorrectly handle TSIG authentication. For gRPC and QUIC, the server checks whether the TSIG key name exists in the configuration but never calls dns.TsigVerify() to validate the HMAC. If the key name matches a configured key, the tsigStatus field remains nil and the tsig plugin treats the request as successfully authenticated regardless of the MAC value. For DoH and DoH3, the issue is more severe: the DoHWriter.TsigStatus() method unconditionally returns nil, and the server never inspects the TSIG record at all. Any request containing a TSIG record is treated as authenticated over DoH and DoH3, even if the key name is invalid and the MAC is arbitrary.\\n\\nAn unauthenticated network attacker can exploit this to bypass TSIG-protected functionality such as AXFR/IXFR zone transfers, dynamic DNS updates, or other TSIG-gated plugin behavior. The DoH and DoH3 variants have a lower exploitation bar because the attacker does not need to know a valid TSIG key name.\\n\\nThis issue has been fixed in version 1.14.3. As a workaround, disable gRPC, QUIC, DoH, and DoH3 listeners where TSIG authentication is required, or restrict network-level access to affected transport ports to trusted sources only.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:coredns.io:coredns:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.14.3\",\"matchCriteriaId\":\"0B1F8FE2-314C-4C38-9F18-099ACCFF0AAD\"}]}]}],\"references\":[{\"url\":\"https://github.com/coredns/coredns/security/advisories/GHSA-vp29-5652-4fw9\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\",\"Mitigation\"]},{\"url\":\"https://github.com/coredns/coredns/security/advisories/GHSA-vp29-5652-4fw9\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Vendor Advisory\",\"Mitigation\"]}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"title\": \"CoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports\", \"source\": {\"advisory\": \"GHSA-vp29-5652-4fw9\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"coredns\", \"product\": \"coredns\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.14.3\"}]}], \"references\": [{\"url\": \"https://github.com/coredns/coredns/security/advisories/GHSA-vp29-5652-4fw9\", \"name\": \"https://github.com/coredns/coredns/security/advisories/GHSA-vp29-5652-4fw9\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, the gRPC, QUIC, DoH, and DoH3 transport implementations incorrectly handle TSIG authentication. For gRPC and QUIC, the server checks whether the TSIG key name exists in the configuration but never calls dns.TsigVerify() to validate the HMAC. If the key name matches a configured key, the tsigStatus field remains nil and the tsig plugin treats the request as successfully authenticated regardless of the MAC value. For DoH and DoH3, the issue is more severe: the DoHWriter.TsigStatus() method unconditionally returns nil, and the server never inspects the TSIG record at all. Any request containing a TSIG record is treated as authenticated over DoH and DoH3, even if the key name is invalid and the MAC is arbitrary.\\n\\nAn unauthenticated network attacker can exploit this to bypass TSIG-protected functionality such as AXFR/IXFR zone transfers, dynamic DNS updates, or other TSIG-gated plugin behavior. The DoH and DoH3 variants have a lower exploitation bar because the attacker does not need to know a valid TSIG key name.\\n\\nThis issue has been fixed in version 1.14.3. As a workaround, disable gRPC, QUIC, DoH, and DoH3 listeners where TSIG authentication is required, or restrict network-level access to affected transport ports to trusted sources only.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-287\", \"description\": \"CWE-287: Improper Authentication\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-05-05T20:29:16.903Z\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-35579\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-06T14:30:00.602863Z\"}}}], \"references\": [{\"url\": \"https://github.com/coredns/coredns/security/advisories/GHSA-vp29-5652-4fw9\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"shortName\": \"CISA-ADP\", \"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"dateUpdated\": \"2026-05-06T14:30:27.071Z\"}}]}",
"cveMetadata": "{\"cveId\": \"CVE-2026-35579\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-05T20:29:16.903Z\", \"dateReserved\": \"2026-04-03T20:09:02.827Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-05-05T20:29:16.903Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
cleanstart-2026-sl86558
Vulnerability from cleanstart
Published
2026-05-21 08:10
Modified
2026-05-20 18:52
Summary
Security fixes for CVE-2024-7598, CVE-2026-32934, CVE-2026-32936, CVE-2026-33190, CVE-2026-33489, CVE-2026-33811, CVE-2026-33814, CVE-2026-35579, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-2wpx-qpw2-g5h5, ghsa-63cw-r7xf-jmwr, ghsa-h8mm-c463-wjq3, ghsa-qhmp-q7xh-99rh, ghsa-vp29-5652-4fw9 applied in versions: 1.26.8-r0, 1.26.8-r1
Details
Multiple security vulnerabilities affect the kubernetes-dns-node-cache package. These issues are resolved in later releases. See references for individual vulnerability details.
References
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "kubernetes-dns-node-cache"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.26.8-r1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the kubernetes-dns-node-cache package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-SL86558",
"modified": "2026-05-20T18:52:53Z",
"published": "2026-05-21T08:10:40.863637Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-SL86558.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-7598"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32934"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32936"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33190"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33489"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33811"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33814"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-35579"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39817"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39819"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39820"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39823"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39825"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39826"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39836"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42499"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42501"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2wpx-qpw2-g5h5"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-63cw-r7xf-jmwr"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-h8mm-c463-wjq3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-qhmp-q7xh-99rh"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-vp29-5652-4fw9"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7598"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32934"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32936"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33190"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33489"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33814"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35579"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39817"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39819"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39823"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39825"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39826"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39836"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42501"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2024-7598, CVE-2026-32934, CVE-2026-32936, CVE-2026-33190, CVE-2026-33489, CVE-2026-33811, CVE-2026-33814, CVE-2026-35579, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-2wpx-qpw2-g5h5, ghsa-63cw-r7xf-jmwr, ghsa-h8mm-c463-wjq3, ghsa-qhmp-q7xh-99rh, ghsa-vp29-5652-4fw9 applied in versions: 1.26.8-r0, 1.26.8-r1",
"upstream": [
"CVE-2024-7598",
"CVE-2026-32934",
"CVE-2026-32936",
"CVE-2026-33190",
"CVE-2026-33489",
"CVE-2026-33811",
"CVE-2026-33814",
"CVE-2026-35579",
"CVE-2026-39817",
"CVE-2026-39819",
"CVE-2026-39820",
"CVE-2026-39823",
"CVE-2026-39825",
"CVE-2026-39826",
"CVE-2026-39836",
"CVE-2026-42499",
"CVE-2026-42501",
"ghsa-2wpx-qpw2-g5h5",
"ghsa-63cw-r7xf-jmwr",
"ghsa-h8mm-c463-wjq3",
"ghsa-qhmp-q7xh-99rh",
"ghsa-vp29-5652-4fw9"
]
}
cleanstart-2026-vj54611
Vulnerability from cleanstart
Published
2026-05-21 08:11
Modified
2026-05-20 18:52
Summary
Security fixes for CVE-2025-13281, CVE-2025-47950, CVE-2025-5187, CVE-2025-58063, CVE-2025-64702, CVE-2025-68151, CVE-2026-26017, CVE-2026-26018, CVE-2026-32934, CVE-2026-32936, CVE-2026-33190, CVE-2026-33489, CVE-2026-33811, CVE-2026-33814, CVE-2026-35579, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-2wpx-qpw2-g5h5, ghsa-4x4m-3c2p-qppc, ghsa-527x-5wrf-22m2, ghsa-63cw-r7xf-jmwr, ghsa-93mf-426m-g6x9, ghsa-c9v3-4pv7-87pr, ghsa-cvx7-x8pj-x2gw, ghsa-g754-hx8w-x2g6, ghsa-h75p-j8xm-m278, ghsa-h8mm-c463-wjq3, ghsa-qhmp-q7xh-99rh, ghsa-r6j8-c6r2-37rr, ghsa-vp29-5652-4fw9 applied in versions: 1.25.0-r2
Details
Multiple security vulnerabilities affect the kubernetes-dns-node-cache package. These issues are resolved in later releases. See references for individual vulnerability details.
References
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "kubernetes-dns-node-cache"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.25.0-r2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the kubernetes-dns-node-cache package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-VJ54611",
"modified": "2026-05-20T18:52:19Z",
"published": "2026-05-21T08:11:44.432468Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-VJ54611.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-13281"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-47950"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-5187"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58063"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-64702"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-68151"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-26017"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-26018"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32934"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32936"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33190"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33489"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33811"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33814"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-35579"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39817"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39819"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39820"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39823"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39825"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39826"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39836"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42499"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42501"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2wpx-qpw2-g5h5"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-4x4m-3c2p-qppc"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-527x-5wrf-22m2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-63cw-r7xf-jmwr"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-93mf-426m-g6x9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-c9v3-4pv7-87pr"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-cvx7-x8pj-x2gw"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-g754-hx8w-x2g6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-h75p-j8xm-m278"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-h8mm-c463-wjq3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-qhmp-q7xh-99rh"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-r6j8-c6r2-37rr"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-vp29-5652-4fw9"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13281"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47950"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5187"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58063"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64702"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68151"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26017"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26018"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32934"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32936"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33190"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33489"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33814"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35579"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39817"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39819"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39823"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39825"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39826"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39836"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42501"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2025-13281, CVE-2025-47950, CVE-2025-5187, CVE-2025-58063, CVE-2025-64702, CVE-2025-68151, CVE-2026-26017, CVE-2026-26018, CVE-2026-32934, CVE-2026-32936, CVE-2026-33190, CVE-2026-33489, CVE-2026-33811, CVE-2026-33814, CVE-2026-35579, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-2wpx-qpw2-g5h5, ghsa-4x4m-3c2p-qppc, ghsa-527x-5wrf-22m2, ghsa-63cw-r7xf-jmwr, ghsa-93mf-426m-g6x9, ghsa-c9v3-4pv7-87pr, ghsa-cvx7-x8pj-x2gw, ghsa-g754-hx8w-x2g6, ghsa-h75p-j8xm-m278, ghsa-h8mm-c463-wjq3, ghsa-qhmp-q7xh-99rh, ghsa-r6j8-c6r2-37rr, ghsa-vp29-5652-4fw9 applied in versions: 1.25.0-r2",
"upstream": [
"CVE-2025-13281",
"CVE-2025-47950",
"CVE-2025-5187",
"CVE-2025-58063",
"CVE-2025-64702",
"CVE-2025-68151",
"CVE-2026-26017",
"CVE-2026-26018",
"CVE-2026-32934",
"CVE-2026-32936",
"CVE-2026-33190",
"CVE-2026-33489",
"CVE-2026-33811",
"CVE-2026-33814",
"CVE-2026-35579",
"CVE-2026-39817",
"CVE-2026-39819",
"CVE-2026-39820",
"CVE-2026-39823",
"CVE-2026-39825",
"CVE-2026-39826",
"CVE-2026-39836",
"CVE-2026-42499",
"CVE-2026-42501",
"ghsa-2wpx-qpw2-g5h5",
"ghsa-4x4m-3c2p-qppc",
"ghsa-527x-5wrf-22m2",
"ghsa-63cw-r7xf-jmwr",
"ghsa-93mf-426m-g6x9",
"ghsa-c9v3-4pv7-87pr",
"ghsa-cvx7-x8pj-x2gw",
"ghsa-g754-hx8w-x2g6",
"ghsa-h75p-j8xm-m278",
"ghsa-h8mm-c463-wjq3",
"ghsa-qhmp-q7xh-99rh",
"ghsa-r6j8-c6r2-37rr",
"ghsa-vp29-5652-4fw9"
]
}
FKIE_CVE-2026-35579
Vulnerability from fkie_nvd - Published: 2026-05-05 21:16 - Updated: 2026-05-08 15:58
Severity
Summary
CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, the gRPC, QUIC, DoH, and DoH3 transport implementations incorrectly handle TSIG authentication. For gRPC and QUIC, the server checks whether the TSIG key name exists in the configuration but never calls dns.TsigVerify() to validate the HMAC. If the key name matches a configured key, the tsigStatus field remains nil and the tsig plugin treats the request as successfully authenticated regardless of the MAC value. For DoH and DoH3, the issue is more severe: the DoHWriter.TsigStatus() method unconditionally returns nil, and the server never inspects the TSIG record at all. Any request containing a TSIG record is treated as authenticated over DoH and DoH3, even if the key name is invalid and the MAC is arbitrary.
An unauthenticated network attacker can exploit this to bypass TSIG-protected functionality such as AXFR/IXFR zone transfers, dynamic DNS updates, or other TSIG-gated plugin behavior. The DoH and DoH3 variants have a lower exploitation bar because the attacker does not need to know a valid TSIG key name.
This issue has been fixed in version 1.14.3. As a workaround, disable gRPC, QUIC, DoH, and DoH3 listeners where TSIG authentication is required, or restrict network-level access to affected transport ports to trusted sources only.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/coredns/coredns/security/advisories/GHSA-vp29-5652-4fw9 | Exploit, Vendor Advisory, Mitigation | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/coredns/coredns/security/advisories/GHSA-vp29-5652-4fw9 | Exploit, Vendor Advisory, Mitigation |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coredns.io | coredns | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coredns.io:coredns:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1F8FE2-314C-4C38-9F18-099ACCFF0AAD",
"versionEndExcluding": "1.14.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, the gRPC, QUIC, DoH, and DoH3 transport implementations incorrectly handle TSIG authentication. For gRPC and QUIC, the server checks whether the TSIG key name exists in the configuration but never calls dns.TsigVerify() to validate the HMAC. If the key name matches a configured key, the tsigStatus field remains nil and the tsig plugin treats the request as successfully authenticated regardless of the MAC value. For DoH and DoH3, the issue is more severe: the DoHWriter.TsigStatus() method unconditionally returns nil, and the server never inspects the TSIG record at all. Any request containing a TSIG record is treated as authenticated over DoH and DoH3, even if the key name is invalid and the MAC is arbitrary.\n\nAn unauthenticated network attacker can exploit this to bypass TSIG-protected functionality such as AXFR/IXFR zone transfers, dynamic DNS updates, or other TSIG-gated plugin behavior. The DoH and DoH3 variants have a lower exploitation bar because the attacker does not need to know a valid TSIG key name.\n\nThis issue has been fixed in version 1.14.3. As a workaround, disable gRPC, QUIC, DoH, and DoH3 listeners where TSIG authentication is required, or restrict network-level access to affected transport ports to trusted sources only."
}
],
"id": "CVE-2026-35579",
"lastModified": "2026-05-08T15:58:53.173",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-05-05T21:16:22.247",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory",
"Mitigation"
],
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-vp29-5652-4fw9"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Vendor Advisory",
"Mitigation"
],
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-vp29-5652-4fw9"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
GHSA-VP29-5652-4FW9
Vulnerability from github – Published: 2026-04-28 22:54 – Updated: 2026-05-08 15:30
VLAI
Summary
CoreDNS has TSIG authentication bypass on gRPC and QUIC transports
Details
Summary
The gRPC, QUIC, DoH, and DoH3 transports in CoreDNS incorrectly handle TSIG authentication.
For gRPC and QUIC, CoreDNS checks whether the TSIG key name exists in the config, but does not actually verify the TSIG HMAC. If the key name matches, tsigStatus remains nil and the tsig plugin treats the request as "verified".
For DoH and DoH3, the issue is worse: TSIG is not verified at all. The DoH response writer has TsigStatus() hardcoded to return nil, so any request containing a TSIG record is treated as authenticated, even if the key name is invalid and the MAC is garbage.
As a result, attackers may bypass TSIG authentication on affected transports and access TSIG-protected functionality such as AXFR/IXFR zone transfers, dynamic updates, or other TSIG-gated plugin behavior.
Details
In server_grpc.go and server_quic.go, the TSIG handling checks whether the TSIG key name exists, but does not call dns.TsigVerify().
Relevant code before fix:
if tsig := msg.IsTsig(); tsig != nil {
if s.tsigSecret == nil {
w.tsigStatus = dns.ErrSecret
} else if _, ok := s.tsigSecret[tsig.Hdr.Name]; !ok {
w.tsigStatus = dns.ErrSecret
}
// key found -> nothing happens -> tsigStatus stays nil -> "verified"
}
This means that for gRPC and QUIC, a request with a known TSIG key name but an invalid MAC is accepted as authenticated.
PRs #7943 and #7947 partially addressed this area by adding key name checks for gRPC and QUIC, but did not add HMAC verification.
The DoH and DoH3 paths have an even weaker failure mode. In https.go, DoHWriter.TsigStatus() returned nil unconditionally:
func (d *DoHWriter) TsigStatus() error {
return nil
}
In server_https.go, the incoming DNS message is unpacked from the HTTP request and passed directly into ServeDNS() without checking msg.IsTsig(), without looking up the TSIG key name, and without calling dns.TsigVerify().
The same pattern exists in the DoH3 path in server_https3.go.
The effective DoH/DoH3 flow before the fix was:
- HTTP or HTTP/3 request arrives.
- DNS message is unpacked from the request.
- A
DoHWriteris created. - The message is passed to
ServeDNS(). - The tsig plugin checks
w.TsigStatus(). TsigStatus()returns nil.- nil is interpreted as successful TSIG verification.
This means that for DoH and DoH3, CoreDNS did not even require a valid TSIG key name. Any TSIG record was enough to satisfy the tsig plugin, regardless of key name or MAC contents.
PoC
Setup: built CoreDNS from master at commit 12d9457 and also verified against the v1.14.2 release binary. Configured a single test zone with 9 records and tsig { require all }.
Listeners used the same TSIG configuration and key:
- TCP on port 1053, using the normal
dns.Serverpath where TSIG HMAC verification works correctly - gRPC on port 1443, using manual TSIG handling
- DoH on port 8443
- DoH3 with the same TSIG configuration
gRPC / QUIC behavior
A test client sent AXFR requests over gRPC with a valid TSIG key name but forged MAC values. The same requests were sent over TCP for comparison.
| MAC used | gRPC | TCP |
|---|---|---|
| 32 zero bytes | BYPASS, 9 records returned | BADSIG |
| 32 random bytes | BYPASS, 9 records returned | BADSIG |
| HMAC computed with wrong secret | BYPASS, 9 records returned | BADSIG |
| truncated to 16 bytes | BYPASS, 9 records returned | BADSIG |
single byte 0x41 |
BYPASS, 9 records returned | BADSIG |
| empty MAC | BYPASS, 9 records returned | BADSIG |
| wrong key name + zero MAC | REJECTED, NOTAUTH/BADKEY | REJECTED, NOTAUTH/BADKEY |
6 out of 7 forged TSIG requests bypassed authentication over gRPC and returned a full zone transfer. The only rejected case was the wrong key name, because the gRPC path checked whether the key name existed.
The same class applied to QUIC.
DoH / DoH3 behavior
For DoH, a test client sent DNS queries over HTTPS POST to /dns-query with forged TSIG records. These requests were also compared against TCP.
| TSIG variant | DoH result | TCP result |
|---|---|---|
| 32 zero bytes | BYPASS, NOERROR | BADSIG |
| 32 random bytes | BYPASS, NOERROR | BADSIG |
| HMAC computed with wrong secret | BYPASS, NOERROR | BADSIG |
| truncated to 16 bytes | BYPASS, NOERROR | BADSIG |
single byte 0x41 |
BYPASS, NOERROR | BADSIG |
| empty MAC | BYPASS, NOERROR | BADSIG |
| bad key name | BYPASS, NOERROR | NOTAUTH/BADKEY |
| no TSIG record | REJECTED, REFUSED | REJECTED, REFUSED |
7 out of 8 cases bypassed authentication over DoH. Every request containing a TSIG record was accepted, including requests with an invalid key name.
An AXFR request over DoH with a forged TSIG record using a zero-byte MAC returned the full test zone.
The same pattern applies to DoH3 because it used the same DoHWriter TSIG behavior and did not verify TSIG before passing the message into the plugin chain.
To confirm that the tsig plugin itself was enforcing policy, requests with no TSIG record were rejected with REFUSED. The bypass happens because the transport layer reports successful TSIG verification when verification either did not happen or only checked the key name.
Impact
An unauthenticated network attacker may bypass TSIG authentication on affected CoreDNS transports.
Depending on configuration, this may allow an attacker to:
- perform AXFR or IXFR zone transfers over affected transports
- dump TSIG-protected zone data
- submit dynamic DNS updates if enabled
- bypass other TSIG-gated plugin behavior
- authenticate over DoH or DoH3 without knowing a valid TSIG key name
The DoH and DoH3 variants have a lower exploitation bar than gRPC and QUIC because the attacker does not need to know a configured TSIG key name. Any TSIG record is treated as valid.
Affected transports
- gRPC
- QUIC
- DoH
- DoH3
Workarounds
If upgrading is not immediately possible:
- Disable gRPC, QUIC, DoH, and DoH3 listeners where TSIG authentication is required.
- Restrict network-level access to affected transport ports to trusted sources only.
- Avoid exposing TSIG-protected functionality such as AXFR, IXFR, or dynamic updates over affected transports.
Fix
Affected transports must verify TSIG before passing the DNS message into the plugin chain.
For requests containing a TSIG record, the transport should:
- check whether TSIG secrets are configured
- verify that the TSIG key name exists
- call
dns.TsigVerify()against the original wire-format message - store the resulting status in the response writer
- return that status from
TsigStatus()
A successful key name lookup alone is not sufficient. A nil TSIG status must only be returned after successful HMAC verification.
Severity
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/coredns/coredns"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.14.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-35579"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-28T22:54:32Z",
"nvd_published_at": "2026-05-05T21:16:22Z",
"severity": "HIGH"
},
"details": "### Summary\n\nThe gRPC, QUIC, DoH, and DoH3 transports in CoreDNS incorrectly handle TSIG authentication.\n\nFor gRPC and QUIC, CoreDNS checks whether the TSIG key name exists in the config, but does not actually verify the TSIG HMAC. If the key name matches, `tsigStatus` remains nil and the tsig plugin treats the request as \"verified\".\n\nFor DoH and DoH3, the issue is worse: TSIG is not verified at all. The DoH response writer has `TsigStatus()` hardcoded to return nil, so any request containing a TSIG record is treated as authenticated, even if the key name is invalid and the MAC is garbage.\n\nAs a result, attackers may bypass TSIG authentication on affected transports and access TSIG-protected functionality such as AXFR/IXFR zone transfers, dynamic updates, or other TSIG-gated plugin behavior.\n\n### Details\n\nIn `server_grpc.go` and `server_quic.go`, the TSIG handling checks whether the TSIG key name exists, but does not call `dns.TsigVerify()`.\n\nRelevant code before fix:\n\n```go\nif tsig := msg.IsTsig(); tsig != nil {\n if s.tsigSecret == nil {\n w.tsigStatus = dns.ErrSecret\n } else if _, ok := s.tsigSecret[tsig.Hdr.Name]; !ok {\n w.tsigStatus = dns.ErrSecret\n }\n // key found -\u003e nothing happens -\u003e tsigStatus stays nil -\u003e \"verified\"\n}\n```\n\nThis means that for gRPC and QUIC, a request with a known TSIG key name but an invalid MAC is accepted as authenticated.\n\nPRs #7943 and #7947 partially addressed this area by adding key name checks for gRPC and QUIC, but did not add HMAC verification.\n\nThe DoH and DoH3 paths have an even weaker failure mode. In `https.go`, `DoHWriter.TsigStatus()` returned nil unconditionally:\n\n```go\nfunc (d *DoHWriter) TsigStatus() error {\n return nil\n}\n```\n\nIn `server_https.go`, the incoming DNS message is unpacked from the HTTP request and passed directly into `ServeDNS()` without checking `msg.IsTsig()`, without looking up the TSIG key name, and without calling `dns.TsigVerify()`.\n\nThe same pattern exists in the DoH3 path in `server_https3.go`.\n\nThe effective DoH/DoH3 flow before the fix was:\n\n1. HTTP or HTTP/3 request arrives.\n2. DNS message is unpacked from the request.\n3. A `DoHWriter` is created.\n4. The message is passed to `ServeDNS()`.\n5. The tsig plugin checks `w.TsigStatus()`.\n6. `TsigStatus()` returns nil.\n7. nil is interpreted as successful TSIG verification.\n\nThis means that for DoH and DoH3, CoreDNS did not even require a valid TSIG key name. Any TSIG record was enough to satisfy the tsig plugin, regardless of key name or MAC contents.\n\n### PoC\n\nSetup: built CoreDNS from master at commit `12d9457` and also verified against the v1.14.2 release binary. Configured a single test zone with 9 records and `tsig { require all }`.\n\nListeners used the same TSIG configuration and key:\n\n- TCP on port 1053, using the normal `dns.Server` path where TSIG HMAC verification works correctly\n- gRPC on port 1443, using manual TSIG handling\n- DoH on port 8443\n- DoH3 with the same TSIG configuration\n\n#### gRPC / QUIC behavior\n\nA test client sent AXFR requests over gRPC with a valid TSIG key name but forged MAC values. The same requests were sent over TCP for comparison.\n\n| MAC used | gRPC | TCP |\n|----------|------|-----|\n| 32 zero bytes | BYPASS, 9 records returned | BADSIG |\n| 32 random bytes | BYPASS, 9 records returned | BADSIG |\n| HMAC computed with wrong secret | BYPASS, 9 records returned | BADSIG |\n| truncated to 16 bytes | BYPASS, 9 records returned | BADSIG |\n| single byte `0x41` | BYPASS, 9 records returned | BADSIG |\n| empty MAC | BYPASS, 9 records returned | BADSIG |\n| wrong key name + zero MAC | REJECTED, NOTAUTH/BADKEY | REJECTED, NOTAUTH/BADKEY |\n\n6 out of 7 forged TSIG requests bypassed authentication over gRPC and returned a full zone transfer. The only rejected case was the wrong key name, because the gRPC path checked whether the key name existed.\n\nThe same class applied to QUIC.\n\n#### DoH / DoH3 behavior\n\nFor DoH, a test client sent DNS queries over HTTPS POST to `/dns-query` with forged TSIG records. These requests were also compared against TCP.\n\n| TSIG variant | DoH result | TCP result |\n|-------------|------------|------------|\n| 32 zero bytes | BYPASS, NOERROR | BADSIG |\n| 32 random bytes | BYPASS, NOERROR | BADSIG |\n| HMAC computed with wrong secret | BYPASS, NOERROR | BADSIG |\n| truncated to 16 bytes | BYPASS, NOERROR | BADSIG |\n| single byte `0x41` | BYPASS, NOERROR | BADSIG |\n| empty MAC | BYPASS, NOERROR | BADSIG |\n| bad key name | BYPASS, NOERROR | NOTAUTH/BADKEY |\n| no TSIG record | REJECTED, REFUSED | REJECTED, REFUSED |\n\n7 out of 8 cases bypassed authentication over DoH. Every request containing a TSIG record was accepted, including requests with an invalid key name.\n\nAn AXFR request over DoH with a forged TSIG record using a zero-byte MAC returned the full test zone.\n\nThe same pattern applies to DoH3 because it used the same `DoHWriter` TSIG behavior and did not verify TSIG before passing the message into the plugin chain.\n\nTo confirm that the tsig plugin itself was enforcing policy, requests with no TSIG record were rejected with `REFUSED`. The bypass happens because the transport layer reports successful TSIG verification when verification either did not happen or only checked the key name.\n\n### Impact\n\nAn unauthenticated network attacker may bypass TSIG authentication on affected CoreDNS transports.\n\nDepending on configuration, this may allow an attacker to:\n\n- perform AXFR or IXFR zone transfers over affected transports\n- dump TSIG-protected zone data\n- submit dynamic DNS updates if enabled\n- bypass other TSIG-gated plugin behavior\n- authenticate over DoH or DoH3 without knowing a valid TSIG key name\n\nThe DoH and DoH3 variants have a lower exploitation bar than gRPC and QUIC because the attacker does not need to know a configured TSIG key name. Any TSIG record is treated as valid.\n\n### Affected transports\n\n- gRPC\n- QUIC\n- DoH\n- DoH3\n\n### Workarounds\n\nIf upgrading is not immediately possible:\n\n- Disable gRPC, QUIC, DoH, and DoH3 listeners where TSIG authentication is required.\n- Restrict network-level access to affected transport ports to trusted sources only.\n- Avoid exposing TSIG-protected functionality such as AXFR, IXFR, or dynamic updates over affected transports.\n\n### Fix\n\nAffected transports must verify TSIG before passing the DNS message into the plugin chain.\n\nFor requests containing a TSIG record, the transport should:\n\n1. check whether TSIG secrets are configured\n2. verify that the TSIG key name exists\n3. call `dns.TsigVerify()` against the original wire-format message\n4. store the resulting status in the response writer\n5. return that status from `TsigStatus()`\n\nA successful key name lookup alone is not sufficient. A nil TSIG status must only be returned after successful HMAC verification.",
"id": "GHSA-vp29-5652-4fw9",
"modified": "2026-05-08T15:30:59Z",
"published": "2026-04-28T22:54:32Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-vp29-5652-4fw9"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35579"
},
{
"type": "PACKAGE",
"url": "https://github.com/coredns/coredns"
},
{
"type": "WEB",
"url": "https://github.com/coredns/coredns/releases/tag/v1.14.3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "CoreDNS has TSIG authentication bypass on gRPC and QUIC transports"
}
MSRC_CVE-2026-35579
Vulnerability from csaf_microsoft - Published: 2026-05-02 00:00 - Updated: 2026-06-02 01:44Summary
CoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
CWE-287
- Improper Authentication
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 21180-17084 | — |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17084-1 | — |
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2026/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2026/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2026-35579 CoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-35579.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "CoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports",
"tracking": {
"current_release_date": "2026-06-02T01:44:29.000Z",
"generator": {
"date": "2026-06-02T07:14:05.739Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2026-35579",
"initial_release_date": "2026-05-02T00:00:00.000Z",
"revision_history": [
{
"date": "2026-05-07T01:03:04.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2026-06-02T01:44:29.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 coredns 0:1.11.4-15.azl3",
"product": {
"name": "\u003cazl3 coredns 0:1.11.4-15.azl3",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "azl3 coredns 0:1.11.4-15.azl3",
"product": {
"name": "azl3 coredns 0:1.11.4-15.azl3",
"product_id": "21180"
}
}
],
"category": "product_name",
"name": "coredns"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 coredns 0:1.11.4-15.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 coredns 0:1.11.4-15.azl3 as a component of Azure Linux 3.0",
"product_id": "21180-17084"
},
"product_reference": "21180",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-35579",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "general",
"text": "GitHub_M",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"21180-17084"
],
"known_affected": [
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-35579 CoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-35579.json"
}
],
"title": "CoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports"
}
]
}
RHSA-2026:25127
Vulnerability from csaf_redhat - Published: 2026-06-10 20:51 - Updated: 2026-06-17 10:20Summary
Red Hat Security Advisory: Submariner v0.21 security fixes and container updates
Severity
Important
Notes
Topic: Submariner v0.21 General Availability release images, which provide enhancements, security fixes, and updated container images.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.
Red Hat Advanced Cluster Management for Kubernetes v2.14
Details: Submariner is a Kubernetes operator that enables cross-cluster connectivity for services and pods, implementing KEP-1645 (Multi-Cluster Services API). After deploying the Submariner operator, it can enable direct networking between pods and services across different Kubernetes clusters.
For more information about Submariner, see the Submariner open source community website at: https://submariner.io/.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A local privilege escalation vulnerability has been discovered in containerd. This vulnerability is the result of an overly broad default permission which allows local users on the host to potentially access the metadata store, the content store and the contents of Kubernetes local volumes. The contents of volumes might include setuid binaries, which could allow a local user on the host to elevate privileges on the host.
7.7 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
7.5 (High)
Affected products
Fixed
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le | — |
Vendor Fix
fix
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64 | — |
Threats
Impact
Important
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64 | — |
Vendor Fix
fix
|
Known not affected
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le | — |
Threats
Impact
Moderate
Multiple CoreDNS server implementations (gRPC, HTTPS, and HTTP/3) lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent connections, streams, or sending oversized request bodies. The issue is similar in nature to CVE-2025-47950 (QUIC DoS) but affects additional server types that do not enforce connection limits, stream limits, or message size constraints.
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le | — |
Workaround
|
Threats
Impact
Moderate
urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.
7.5 (High)
Affected products
Fixed
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le | — |
Vendor Fix
fix
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64 | — |
Threats
Impact
Important
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in CoreDNS, a DNS server that uses a chain of plugins. This logical vulnerability allows an attacker to bypass DNS access controls. The issue occurs because security plugins, such as 'acl', are evaluated before the 'rewrite' plugin, creating a Time-of-Check Time-of-Use (TOCTOU) flaw. This flaw enables an attacker to circumvent intended access restrictions.
7.7 (High)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in CoreDNS, a DNS server that chains plugins. A remote attacker can exploit this flaw by sending specially crafted DNS queries. This vulnerability exists in CoreDNS's loop detection plugin due to the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name. Successful exploitation can lead to a denial of service (DoS) by crashing the DNS server.
7.5 (High)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64 | — |
Vendor Fix
fix
|
Known not affected
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le | — |
Threats
Impact
Important
A flaw was found in CoreDNS, a DNS server that chains plugins. A remote, unauthenticated attacker can exploit this vulnerability by repeatedly sending oversized DNS-over-HTTPS (DoH) GET requests. The GET path, unlike the POST path, lacks size validation before processing large `dns=` query parameter values. This can lead to high CPU usage, significant memory allocations, and increased garbage collection, resulting in a Denial of Service (DoS).
7.5 (High)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
9.1 (Critical)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in CoreDNS. An unauthenticated network attacker can exploit incorrect handling of TSIG (Transaction Signature) authentication in the gRPC, QUIC, DoH (DNS over HTTPS), and DoH3 transport implementations. This vulnerability allows an attacker to bypass TSIG protection, leading to unauthorized access to functionalities such as zone transfers and dynamic DNS updates. For DoH and DoH3, the issue is more severe as any request with a TSIG record is treated as authenticated, even with an invalid key.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64 | — |
Vendor Fix
fix
|
Known not affected
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le | — |
Threats
Impact
Important
References
118 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:25127 | self |
| https://access.redhat.com/security/cve/CVE-2024-25621 | external |
| https://access.redhat.com/security/cve/CVE-2025-61726 | external |
| https://access.redhat.com/security/cve/CVE-2025-61728 | external |
| https://access.redhat.com/security/cve/CVE-2025-61729 | external |
| https://access.redhat.com/security/cve/CVE-2025-68121 | external |
| https://access.redhat.com/security/cve/CVE-2025-68151 | external |
| https://access.redhat.com/security/cve/CVE-2026-21441 | external |
| https://access.redhat.com/security/cve/CVE-2026-25679 | external |
| https://access.redhat.com/security/cve/CVE-2026-26017 | external |
| https://access.redhat.com/security/cve/CVE-2026-26018 | external |
| https://access.redhat.com/security/cve/CVE-2026-32280 | external |
| https://access.redhat.com/security/cve/CVE-2026-32936 | external |
| https://access.redhat.com/security/cve/CVE-2026-33186 | external |
| https://access.redhat.com/security/cve/CVE-2026-34986 | external |
| https://access.redhat.com/security/cve/CVE-2026-35579 | external |
| https://access.redhat.com/security/updates/classi… | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2024-25621 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2413190 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-25621 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-25621 | external |
| https://github.com/containerd/containerd/blob/mai… | external |
| https://github.com/containerd/containerd/commit/7… | external |
| https://github.com/containerd/containerd/security… | external |
| https://access.redhat.com/security/cve/CVE-2025-61726 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2434432 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-61726 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-61726 | external |
| https://go.dev/cl/736712 | external |
| https://go.dev/issue/77101 | external |
| https://groups.google.com/g/golang-announce/c/Vd2… | external |
| https://pkg.go.dev/vuln/GO-2026-4341 | external |
| https://access.redhat.com/security/cve/CVE-2025-61728 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2434431 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-61728 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-61728 | external |
| https://go.dev/cl/736713 | external |
| https://go.dev/issue/77102 | external |
| https://pkg.go.dev/vuln/GO-2026-4342 | external |
| https://access.redhat.com/security/cve/CVE-2025-61729 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2418462 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-61729 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-61729 | external |
| https://go.dev/cl/725920 | external |
| https://go.dev/issue/76445 | external |
| https://groups.google.com/g/golang-announce/c/8FJ… | external |
| https://pkg.go.dev/vuln/GO-2025-4155 | external |
| https://access.redhat.com/security/cve/CVE-2025-68121 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2437111 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-68121 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-68121 | external |
| https://go.dev/cl/737700 | external |
| https://go.dev/issue/77217 | external |
| https://groups.google.com/g/golang-announce/c/K09… | external |
| https://pkg.go.dev/vuln/GO-2026-4337 | external |
| https://access.redhat.com/security/cve/CVE-2025-68151 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2428009 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-68151 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-68151 | external |
| https://github.com/coredns/coredns/commit/0d8cbb1… | external |
| https://github.com/coredns/coredns/pull/7490 | external |
| https://github.com/coredns/coredns/security/advis… | external |
| https://access.redhat.com/security/cve/CVE-2026-21441 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2427726 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-21441 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-21441 | external |
| https://github.com/urllib3/urllib3/commit/8864ac4… | external |
| https://github.com/urllib3/urllib3/security/advis… | external |
| https://access.redhat.com/security/cve/CVE-2026-25679 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2445356 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-25679 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-25679 | external |
| https://go.dev/cl/752180 | external |
| https://go.dev/issue/77578 | external |
| https://groups.google.com/g/golang-announce/c/Edh… | external |
| https://pkg.go.dev/vuln/GO-2026-4601 | external |
| https://access.redhat.com/security/cve/CVE-2026-26017 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2445244 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-26017 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-26017 | external |
| https://github.com/coredns/coredns/releases/tag/v1.14.2 | external |
| https://github.com/coredns/coredns/security/advis… | external |
| https://access.redhat.com/security/cve/CVE-2026-26018 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2445242 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-26018 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-26018 | external |
| https://github.com/coredns/coredns/security/advis… | external |
| https://access.redhat.com/security/cve/CVE-2026-32280 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2456339 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-32280 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-32280 | external |
| https://go.dev/cl/758320 | external |
| https://go.dev/issue/78282 | external |
| https://groups.google.com/g/golang-announce/c/0uY… | external |
| https://pkg.go.dev/vuln/GO-2026-4947 | external |
| https://access.redhat.com/security/cve/CVE-2026-32936 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2466869 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-32936 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-32936 | external |
| https://github.com/coredns/coredns/releases/tag/v1.14.3 | external |
| https://github.com/coredns/coredns/security/advis… | external |
| https://access.redhat.com/security/cve/CVE-2026-33186 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2449833 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-33186 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-33186 | external |
| https://github.com/grpc/grpc-go/security/advisori… | external |
| https://access.redhat.com/security/cve/CVE-2026-34986 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2455470 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-34986 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-34986 | external |
| https://github.com/go-jose/go-jose/security/advis… | external |
| https://pkg.go.dev/github.com/go-jose/go-jose/v4#… | external |
| https://access.redhat.com/security/cve/CVE-2026-35579 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2466905 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-35579 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-35579 | external |
| https://github.com/coredns/coredns/security/advis… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Submariner v0.21 General Availability release images, which provide enhancements, security fixes, and updated container images.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.\nRed Hat Advanced Cluster Management for Kubernetes v2.14",
"title": "Topic"
},
{
"category": "general",
"text": "Submariner is a Kubernetes operator that enables cross-cluster connectivity for services and pods, implementing KEP-1645 (Multi-Cluster Services API). After deploying the Submariner operator, it can enable direct networking between pods and services across different Kubernetes clusters.\n\nFor more information about Submariner, see the Submariner open source community website at: https://submariner.io/.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:25127",
"url": "https://access.redhat.com/errata/RHSA-2026:25127"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-25621",
"url": "https://access.redhat.com/security/cve/CVE-2024-25621"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68151",
"url": "https://access.redhat.com/security/cve/CVE-2025-68151"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-21441",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26017",
"url": "https://access.redhat.com/security/cve/CVE-2026-26017"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26018",
"url": "https://access.redhat.com/security/cve/CVE-2026-26018"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32936",
"url": "https://access.redhat.com/security/cve/CVE-2026-32936"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34986",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-35579",
"url": "https://access.redhat.com/security/cve/CVE-2026-35579"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_25127.json"
}
],
"title": "Red Hat Security Advisory: Submariner v0.21 security fixes and container updates",
"tracking": {
"current_release_date": "2026-06-17T10:20:29+00:00",
"generator": {
"date": "2026-06-17T10:20:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2026:25127",
"initial_release_date": "2026-06-10T20:51:55+00:00",
"revision_history": [
{
"date": "2026-06-10T20:51:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-10T20:51:57+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-17T10:20:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product": {
"name": "Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:acm:2.14::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Cluster Management for Kubernetes"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"product_id": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-agent-rhel9@sha256%3Abbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-agent-rhel9\u0026tag=1780204232"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"product_id": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-coredns-rhel9@sha256%3Aeee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-coredns-rhel9\u0026tag=1780204249"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"product_id": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/nettest-rhel9@sha256%3A80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/nettest-rhel9\u0026tag=1780241410"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"product_id": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"product_identification_helper": {
"purl": "pkg:oci/subctl-rhel9@sha256%3Acac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/subctl-rhel9\u0026tag=1780238563"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"product_id": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-operator-bundle@sha256%3A5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/submariner-operator-bundle\u0026tag=1780248353"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"product_id": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-gateway-rhel9@sha256%3A5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/submariner-gateway-rhel9\u0026tag=1780204887"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"product_id": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-globalnet-rhel9@sha256%3Aa7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/submariner-globalnet-rhel9\u0026tag=1780204696"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"product_id": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-rhel9-operator@sha256%3A2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/submariner-rhel9-operator\u0026tag=1780204322"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"product_id": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-route-agent-rhel9@sha256%3A5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/submariner-route-agent-rhel9\u0026tag=1780204631"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"product_id": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-agent-rhel9@sha256%3A0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-agent-rhel9\u0026tag=1780204232"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"product_id": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-coredns-rhel9@sha256%3A84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-coredns-rhel9\u0026tag=1780204249"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"product_id": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/nettest-rhel9@sha256%3A5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/nettest-rhel9\u0026tag=1780241410"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"product_id": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/subctl-rhel9@sha256%3A5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/subctl-rhel9\u0026tag=1780238563"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"product_id": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/submariner-gateway-rhel9@sha256%3A157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/submariner-gateway-rhel9\u0026tag=1780204887"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"product_id": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/submariner-globalnet-rhel9@sha256%3Aed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/submariner-globalnet-rhel9\u0026tag=1780204696"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"product_id": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/submariner-rhel9-operator@sha256%3A100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/submariner-rhel9-operator\u0026tag=1780204322"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le",
"product_id": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/submariner-route-agent-rhel9@sha256%3Ac52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/submariner-route-agent-rhel9\u0026tag=1780204631"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"product_id": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-agent-rhel9@sha256%3Aeac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-agent-rhel9\u0026tag=1780204232"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"product_id": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-coredns-rhel9@sha256%3Ae688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-coredns-rhel9\u0026tag=1780204249"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"product_id": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/nettest-rhel9@sha256%3Af928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/nettest-rhel9\u0026tag=1780241410"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"product_id": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/subctl-rhel9@sha256%3A5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/subctl-rhel9\u0026tag=1780238563"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"product_id": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"product_identification_helper": {
"purl": "pkg:oci/submariner-gateway-rhel9@sha256%3A7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/submariner-gateway-rhel9\u0026tag=1780204887"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"product_id": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/submariner-globalnet-rhel9@sha256%3A2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/submariner-globalnet-rhel9\u0026tag=1780204696"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"product_id": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"product_identification_helper": {
"purl": "pkg:oci/submariner-rhel9-operator@sha256%3A01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/submariner-rhel9-operator\u0026tag=1780204322"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"product_id": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"product_identification_helper": {
"purl": "pkg:oci/submariner-route-agent-rhel9@sha256%3A30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/submariner-route-agent-rhel9\u0026tag=1780204631"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"product_id": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-agent-rhel9@sha256%3A6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-agent-rhel9\u0026tag=1780204232"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"product_id": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-coredns-rhel9@sha256%3Ae802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-coredns-rhel9\u0026tag=1780204249"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"product_id": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"product_identification_helper": {
"purl": "pkg:oci/nettest-rhel9@sha256%3A831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/nettest-rhel9\u0026tag=1780241410"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"product_id": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"product_identification_helper": {
"purl": "pkg:oci/subctl-rhel9@sha256%3Aa154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/subctl-rhel9\u0026tag=1780238563"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"product_id": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-gateway-rhel9@sha256%3A2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/submariner-gateway-rhel9\u0026tag=1780204887"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"product_id": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-globalnet-rhel9@sha256%3Abe69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/submariner-globalnet-rhel9\u0026tag=1780204696"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"product_id": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-rhel9-operator@sha256%3A60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/submariner-rhel9-operator\u0026tag=1780204322"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"product_id": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-route-agent-rhel9@sha256%3A83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/submariner-route-agent-rhel9\u0026tag=1780204631"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-25621",
"cwe": {
"id": "CWE-279",
"name": "Incorrect Execution-Assigned Permissions"
},
"discovery_date": "2025-11-06T19:01:04.402278+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2413190"
}
],
"notes": [
{
"category": "description",
"text": "A local privilege escalation vulnerability has been discovered in containerd. This vulnerability is the result of an overly broad default permission which allows local users on the host to potentially access the metadata store, the content store and the contents of Kubernetes local volumes. The contents of volumes might include setuid binaries, which could allow a local user on the host to elevate privileges on the host.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/containerd/containerd: containerd local privilege escalation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-25621"
},
{
"category": "external",
"summary": "RHBZ#2413190",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413190"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-25621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25621"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-25621",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25621"
},
{
"category": "external",
"summary": "https://github.com/containerd/containerd/blob/main/docs/rootless.md",
"url": "https://github.com/containerd/containerd/blob/main/docs/rootless.md"
},
{
"category": "external",
"summary": "https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5",
"url": "https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5"
},
{
"category": "external",
"summary": "https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w",
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w"
}
],
"release_date": "2025-11-06T18:36:21.566000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T20:51:55+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25127"
},
{
"category": "workaround",
"details": "The system administrator on the host can manually chmod the directories to not\nhave group or world accessible permissions:\n```\nchmod 700 /var/lib/containerd\nchmod 700 /run/containerd/io.containerd.grpc.v1.cri\nchmod 700 /run/containerd/io.containerd.sandbox.controller.v1.shim\n```\nAn alternative mitigation would be to run containerd in rootless mode.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/containerd/containerd: containerd local privilege escalation"
},
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T20:51:55+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25127"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T20:51:55+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25127"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T20:51:55+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25127"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T20:51:55+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25127"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2025-68151",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-08T16:01:04.891768+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428009"
}
],
"notes": [
{
"category": "description",
"text": "Multiple CoreDNS server implementations (gRPC, HTTPS, and HTTP/3) lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent connections, streams, or sending oversized request bodies. The issue is similar in nature to CVE-2025-47950 (QUIC DoS) but affects additional server types that do not enforce connection limits, stream limits, or message size constraints.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/coredns/coredns/core/dnsserver: CoreDNS DoS via unbounded connections and oversized messages",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68151"
},
{
"category": "external",
"summary": "RHBZ#2428009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68151",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68151"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68151",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68151"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/commit/0d8cbb1a6bcb6bc9c1a489865278b8725fa20812",
"url": "https://github.com/coredns/coredns/commit/0d8cbb1a6bcb6bc9c1a489865278b8725fa20812"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/pull/7490",
"url": "https://github.com/coredns/coredns/pull/7490"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/security/advisories/GHSA-527x-5wrf-22m2",
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-527x-5wrf-22m2"
}
],
"release_date": "2026-01-08T15:33:12.711000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T20:51:55+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25127"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "github.com/coredns/coredns/core/dnsserver: CoreDNS DoS via unbounded connections and oversized messages"
},
{
"cve": "CVE-2026-21441",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-01-07T23:01:59.422078+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427726"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is an HTTP client library for Python. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "RHBZ#2427726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427726"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b",
"url": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99"
}
],
"release_date": "2026-01-07T22:09:01.936000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T20:51:55+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25127"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T20:51:55+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25127"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-26017",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-03-06T16:01:45.971241+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in CoreDNS, a DNS server that uses a chain of plugins. This logical vulnerability allows an attacker to bypass DNS access controls. The issue occurs because security plugins, such as \u0027acl\u0027, are evaluated before the \u0027rewrite\u0027 plugin, creating a Time-of-Check Time-of-Use (TOCTOU) flaw. This flaw enables an attacker to circumvent intended access restrictions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/coredns/coredns: CoreDNS: DNS access control bypass due to plugin execution order flaw",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26017"
},
{
"category": "external",
"summary": "RHBZ#2445244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26017",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26017"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26017",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26017"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/releases/tag/v1.14.2",
"url": "https://github.com/coredns/coredns/releases/tag/v1.14.2"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/security/advisories/GHSA-c9v3-4pv7-87pr",
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-c9v3-4pv7-87pr"
}
],
"release_date": "2026-03-06T15:36:15.655000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T20:51:55+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25127"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/coredns/coredns: CoreDNS: DNS access control bypass due to plugin execution order flaw"
},
{
"cve": "CVE-2026-26018",
"cwe": {
"id": "CWE-1241",
"name": "Use of Predictable Algorithm in Random Number Generator"
},
"discovery_date": "2026-03-06T16:01:38.150099+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445242"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in CoreDNS, a DNS server that chains plugins. A remote attacker can exploit this flaw by sending specially crafted DNS queries. This vulnerability exists in CoreDNS\u0027s loop detection plugin due to the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name. Successful exploitation can lead to a denial of service (DoS) by crashing the DNS server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/coredns/coredns: CoreDNS: Denial of Service vulnerability due to predictable pseudo-random number generation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26018"
},
{
"category": "external",
"summary": "RHBZ#2445242",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445242"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26018",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26018"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/releases/tag/v1.14.2",
"url": "https://github.com/coredns/coredns/releases/tag/v1.14.2"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/security/advisories/GHSA-h75p-j8xm-m278",
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-h75p-j8xm-m278"
}
],
"release_date": "2026-03-06T15:35:50.801000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T20:51:55+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25127"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/coredns/coredns: CoreDNS: Denial of Service vulnerability due to predictable pseudo-random number generation"
},
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T20:51:55+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25127"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-32936",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"discovery_date": "2026-05-05T20:01:52.218439+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466869"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in CoreDNS, a DNS server that chains plugins. A remote, unauthenticated attacker can exploit this vulnerability by repeatedly sending oversized DNS-over-HTTPS (DoH) GET requests. The GET path, unlike the POST path, lacks size validation before processing large `dns=` query parameter values. This can lead to high CPU usage, significant memory allocations, and increased garbage collection, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/coredns/coredns: CoreDNS: Denial of Service via oversized DNS-over-HTTPS GET requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32936"
},
{
"category": "external",
"summary": "RHBZ#2466869",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466869"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32936",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32936"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32936",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32936"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/releases/tag/v1.14.3",
"url": "https://github.com/coredns/coredns/releases/tag/v1.14.3"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/security/advisories/GHSA-63cw-r7xf-jmwr",
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-63cw-r7xf-jmwr"
}
],
"release_date": "2026-05-05T19:07:51.926000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T20:51:55+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25127"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "github.com/coredns/coredns: CoreDNS: Denial of Service via oversized DNS-over-HTTPS GET requests"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T20:51:55+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25127"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
},
{
"cve": "CVE-2026-34986",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-06T17:01:34.639203+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "RHBZ#2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"release_date": "2026-04-06T16:22:45.353000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T20:51:55+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25127"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
},
{
"cve": "CVE-2026-35579",
"cwe": {
"id": "CWE-303",
"name": "Incorrect Implementation of Authentication Algorithm"
},
"discovery_date": "2026-05-05T21:01:06.423844+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466905"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in CoreDNS. An unauthenticated network attacker can exploit incorrect handling of TSIG (Transaction Signature) authentication in the gRPC, QUIC, DoH (DNS over HTTPS), and DoH3 transport implementations. This vulnerability allows an attacker to bypass TSIG protection, leading to unauthorized access to functionalities such as zone transfers and dynamic DNS updates. For DoH and DoH3, the issue is more severe as any request with a TSIG record is treated as authenticated, even with an invalid key.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/coredns/coredns: CoreDNS: Authentication bypass allows unauthorized access to TSIG-protected functionalities",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-35579"
},
{
"category": "external",
"summary": "RHBZ#2466905",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466905"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-35579",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35579"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-35579",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35579"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/security/advisories/GHSA-vp29-5652-4fw9",
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-vp29-5652-4fw9"
}
],
"release_date": "2026-05-05T20:29:16.903000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T20:51:55+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25127"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/coredns/coredns: CoreDNS: Authentication bypass allows unauthorized access to TSIG-protected functionalities"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…