Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-41673 (GCVE-0-2026-41673)
Vulnerability from cvelistv5 – Published: 2026-05-07 03:40 – Updated: 2026-05-07 14:10
VLAI
EPSS
Title
xmldom: Denial of service via uncontrolled recursion in XML serialization
Summary
xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, seven recursive traversals in lib/dom.js operate without a depth limit. A sufficiently deeply nested DOM tree causes a RangeError: Maximum call stack size exceeded, crashing the application. This issue has been patched in versions @xmldom/xmldom versions 0.9.10 and 0.8.13.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-674 - Uncontrolled Recursion
Assigner
References
12 references
| URL | Tags |
|---|---|
| https://github.com/xmldom/xmldom/security/advisor… | x_refsource_CONFIRM |
| https://github.com/xmldom/xmldom/commit/17678a2a7… | x_refsource_MISC |
| https://github.com/xmldom/xmldom/commit/291257493… | x_refsource_MISC |
| https://github.com/xmldom/xmldom/commit/2d6d6916e… | x_refsource_MISC |
| https://github.com/xmldom/xmldom/commit/430357c7b… | x_refsource_MISC |
| https://github.com/xmldom/xmldom/commit/4845ef109… | x_refsource_MISC |
| https://github.com/xmldom/xmldom/commit/8834218c8… | x_refsource_MISC |
| https://github.com/xmldom/xmldom/commit/8b7cfd149… | x_refsource_MISC |
| https://github.com/xmldom/xmldom/commit/b0620383a… | x_refsource_MISC |
| https://github.com/xmldom/xmldom/commit/e6edcab6b… | x_refsource_MISC |
| https://github.com/xmldom/xmldom/releases/tag/0.8.13 | x_refsource_MISC |
| https://github.com/xmldom/xmldom/releases/tag/0.9.10 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41673",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-07T14:08:40.798873Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T14:10:45.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "xmldom",
"vendor": "xmldom",
"versions": [
{
"status": "affected",
"version": "xmldom \u003c= 0.6.0"
},
{
"status": "affected",
"version": "@xmldom/xmldom \u003e= 0.9.0, \u003c 0.9.10"
},
{
"status": "affected",
"version": "@xmldom/xmldom \u003c 0.8.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, seven recursive traversals in lib/dom.js operate without a depth limit. A sufficiently deeply nested DOM tree causes a RangeError: Maximum call stack size exceeded, crashing the application. This issue has been patched in versions @xmldom/xmldom versions 0.9.10 and 0.8.13."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674: Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T03:40:28.378Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw"
},
{
"name": "https://github.com/xmldom/xmldom/commit/17678a2a73ecbd1a2da90f3d47dc23da9cef81aa",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xmldom/xmldom/commit/17678a2a73ecbd1a2da90f3d47dc23da9cef81aa"
},
{
"name": "https://github.com/xmldom/xmldom/commit/291257493cb0eb6980eda83b162a9c4e6d7d2597",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xmldom/xmldom/commit/291257493cb0eb6980eda83b162a9c4e6d7d2597"
},
{
"name": "https://github.com/xmldom/xmldom/commit/2d6d6916ed8a4c223db1f6d7560ab4544c465b0f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xmldom/xmldom/commit/2d6d6916ed8a4c223db1f6d7560ab4544c465b0f"
},
{
"name": "https://github.com/xmldom/xmldom/commit/430357c7b6333108856e917bf2367afe5ceb6f8a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xmldom/xmldom/commit/430357c7b6333108856e917bf2367afe5ceb6f8a"
},
{
"name": "https://github.com/xmldom/xmldom/commit/4845ef109221df0890825de2822fbe77afba3afe",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xmldom/xmldom/commit/4845ef109221df0890825de2822fbe77afba3afe"
},
{
"name": "https://github.com/xmldom/xmldom/commit/8834218c85ac2a4d757b9587c9028e67c2f7b6c3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xmldom/xmldom/commit/8834218c85ac2a4d757b9587c9028e67c2f7b6c3"
},
{
"name": "https://github.com/xmldom/xmldom/commit/8b7cfd1491314abdc347261921d7334ff15f7112",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xmldom/xmldom/commit/8b7cfd1491314abdc347261921d7334ff15f7112"
},
{
"name": "https://github.com/xmldom/xmldom/commit/b0620383abc1df067f3ce1014c43ae1bc1161eeb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xmldom/xmldom/commit/b0620383abc1df067f3ce1014c43ae1bc1161eeb"
},
{
"name": "https://github.com/xmldom/xmldom/commit/e6edcab6bef5bcdba0b220bb35442aa72f452b84",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xmldom/xmldom/commit/e6edcab6bef5bcdba0b220bb35442aa72f452b84"
},
{
"name": "https://github.com/xmldom/xmldom/releases/tag/0.8.13",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xmldom/xmldom/releases/tag/0.8.13"
},
{
"name": "https://github.com/xmldom/xmldom/releases/tag/0.9.10",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xmldom/xmldom/releases/tag/0.9.10"
}
],
"source": {
"advisory": "GHSA-2v35-w6hq-6mfw",
"discovery": "UNKNOWN"
},
"title": "xmldom: Denial of service via uncontrolled recursion in XML serialization"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-41673",
"datePublished": "2026-05-07T03:40:28.378Z",
"dateReserved": "2026-04-22T03:53:24.405Z",
"dateUpdated": "2026-05-07T14:10:45.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-41673",
"date": "2026-06-16",
"epss": "0.00557",
"percentile": "0.41859"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-41673\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-05-07T04:16:33.257\",\"lastModified\":\"2026-05-07T15:16:08.670\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, seven recursive traversals in lib/dom.js operate without a depth limit. A sufficiently deeply nested DOM tree causes a RangeError: Maximum call stack size exceeded, crashing the application. This issue has been patched in versions @xmldom/xmldom versions 0.9.10 and 0.8.13.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-674\"}]}],\"references\":[{\"url\":\"https://github.com/xmldom/xmldom/commit/17678a2a73ecbd1a2da90f3d47dc23da9cef81aa\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/xmldom/xmldom/commit/291257493cb0eb6980eda83b162a9c4e6d7d2597\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/xmldom/xmldom/commit/2d6d6916ed8a4c223db1f6d7560ab4544c465b0f\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/xmldom/xmldom/commit/430357c7b6333108856e917bf2367afe5ceb6f8a\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/xmldom/xmldom/commit/4845ef109221df0890825de2822fbe77afba3afe\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/xmldom/xmldom/commit/8834218c85ac2a4d757b9587c9028e67c2f7b6c3\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/xmldom/xmldom/commit/8b7cfd1491314abdc347261921d7334ff15f7112\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/xmldom/xmldom/commit/b0620383abc1df067f3ce1014c43ae1bc1161eeb\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/xmldom/xmldom/commit/e6edcab6bef5bcdba0b220bb35442aa72f452b84\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/xmldom/xmldom/releases/tag/0.8.13\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/xmldom/xmldom/releases/tag/0.9.10\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-41673\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-07T14:08:40.798873Z\"}}}], \"references\": [{\"url\": \"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-07T14:09:13.229Z\"}}], \"cna\": {\"title\": \"xmldom: Denial of service via uncontrolled recursion in XML serialization\", \"source\": {\"advisory\": \"GHSA-2v35-w6hq-6mfw\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"xmldom\", \"product\": \"xmldom\", \"versions\": [{\"status\": \"affected\", \"version\": \"xmldom \u003c= 0.6.0\"}, {\"status\": \"affected\", \"version\": \"@xmldom/xmldom \u003e= 0.9.0, \u003c 0.9.10\"}, {\"status\": \"affected\", \"version\": \"@xmldom/xmldom \u003c 0.8.13\"}]}], \"references\": [{\"url\": \"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\", \"name\": \"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/xmldom/xmldom/commit/17678a2a73ecbd1a2da90f3d47dc23da9cef81aa\", \"name\": \"https://github.com/xmldom/xmldom/commit/17678a2a73ecbd1a2da90f3d47dc23da9cef81aa\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/xmldom/xmldom/commit/291257493cb0eb6980eda83b162a9c4e6d7d2597\", \"name\": \"https://github.com/xmldom/xmldom/commit/291257493cb0eb6980eda83b162a9c4e6d7d2597\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/xmldom/xmldom/commit/2d6d6916ed8a4c223db1f6d7560ab4544c465b0f\", \"name\": \"https://github.com/xmldom/xmldom/commit/2d6d6916ed8a4c223db1f6d7560ab4544c465b0f\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/xmldom/xmldom/commit/430357c7b6333108856e917bf2367afe5ceb6f8a\", \"name\": \"https://github.com/xmldom/xmldom/commit/430357c7b6333108856e917bf2367afe5ceb6f8a\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/xmldom/xmldom/commit/4845ef109221df0890825de2822fbe77afba3afe\", \"name\": \"https://github.com/xmldom/xmldom/commit/4845ef109221df0890825de2822fbe77afba3afe\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/xmldom/xmldom/commit/8834218c85ac2a4d757b9587c9028e67c2f7b6c3\", \"name\": \"https://github.com/xmldom/xmldom/commit/8834218c85ac2a4d757b9587c9028e67c2f7b6c3\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/xmldom/xmldom/commit/8b7cfd1491314abdc347261921d7334ff15f7112\", \"name\": \"https://github.com/xmldom/xmldom/commit/8b7cfd1491314abdc347261921d7334ff15f7112\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/xmldom/xmldom/commit/b0620383abc1df067f3ce1014c43ae1bc1161eeb\", \"name\": \"https://github.com/xmldom/xmldom/commit/b0620383abc1df067f3ce1014c43ae1bc1161eeb\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/xmldom/xmldom/commit/e6edcab6bef5bcdba0b220bb35442aa72f452b84\", \"name\": \"https://github.com/xmldom/xmldom/commit/e6edcab6bef5bcdba0b220bb35442aa72f452b84\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/xmldom/xmldom/releases/tag/0.8.13\", \"name\": \"https://github.com/xmldom/xmldom/releases/tag/0.8.13\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/xmldom/xmldom/releases/tag/0.9.10\", \"name\": \"https://github.com/xmldom/xmldom/releases/tag/0.9.10\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, seven recursive traversals in lib/dom.js operate without a depth limit. A sufficiently deeply nested DOM tree causes a RangeError: Maximum call stack size exceeded, crashing the application. This issue has been patched in versions @xmldom/xmldom versions 0.9.10 and 0.8.13.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-674\", \"description\": \"CWE-674: Uncontrolled Recursion\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-05-07T03:40:28.378Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-41673\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-07T14:10:45.986Z\", \"dateReserved\": \"2026-04-22T03:53:24.405Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-05-07T03:40:28.378Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-41673
Vulnerability from fkie_nvd - Published: 2026-05-07 04:16 - Updated: 2026-05-07 15:16
Severity
Summary
xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, seven recursive traversals in lib/dom.js operate without a depth limit. A sufficiently deeply nested DOM tree causes a RangeError: Maximum call stack size exceeded, crashing the application. This issue has been patched in versions @xmldom/xmldom versions 0.9.10 and 0.8.13.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, seven recursive traversals in lib/dom.js operate without a depth limit. A sufficiently deeply nested DOM tree causes a RangeError: Maximum call stack size exceeded, crashing the application. This issue has been patched in versions @xmldom/xmldom versions 0.9.10 and 0.8.13."
}
],
"id": "CVE-2026-41673",
"lastModified": "2026-05-07T15:16:08.670",
"metrics": {
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-05-07T04:16:33.257",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/xmldom/xmldom/commit/17678a2a73ecbd1a2da90f3d47dc23da9cef81aa"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/xmldom/xmldom/commit/291257493cb0eb6980eda83b162a9c4e6d7d2597"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/xmldom/xmldom/commit/2d6d6916ed8a4c223db1f6d7560ab4544c465b0f"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/xmldom/xmldom/commit/430357c7b6333108856e917bf2367afe5ceb6f8a"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/xmldom/xmldom/commit/4845ef109221df0890825de2822fbe77afba3afe"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/xmldom/xmldom/commit/8834218c85ac2a4d757b9587c9028e67c2f7b6c3"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/xmldom/xmldom/commit/8b7cfd1491314abdc347261921d7334ff15f7112"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/xmldom/xmldom/commit/b0620383abc1df067f3ce1014c43ae1bc1161eeb"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/xmldom/xmldom/commit/e6edcab6bef5bcdba0b220bb35442aa72f452b84"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/xmldom/xmldom/releases/tag/0.8.13"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/xmldom/xmldom/releases/tag/0.9.10"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"url": "https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
GHSA-2V35-W6HQ-6MFW
Vulnerability from github – Published: 2026-04-22 20:23 – Updated: 2026-05-08 20:10
VLAI
Summary
xmldom: Uncontrolled recursion in XML serialization leads to DoS
Details
Summary
Seven recursive traversals in lib/dom.js operate without a depth limit. A sufficiently deeply
nested DOM tree causes a RangeError: Maximum call stack size exceeded, crashing the application.
Reported operations:
- Node.prototype.normalize() — reported by @praveen-kv (email 2026-04-05) and @KarimTantawey (GHSA-fwmp-8wwc-qhv6, via DOMParser.parseFromString())
- XMLSerializer.serializeToString() — reported by @Jvr2022 (GHSA-2v35-w6hq-6mfw) and @KarimTantawey (GHSA-j2hf-fqwf-rrjf)
Additionally, discovered in research:
- Element.getElementsByTagName() / getElementsByTagNameNS() / getElementsByClassName() / getElementById()
- Node.cloneNode(true)
- Document.importNode(node, true)
- node.textContent (getter)
- Node.isEqualNode(other)
All seven share the same root cause: pure-JavaScript recursive tree traversal with no depth guard. A single deeply nested document (parsed successfully) triggers any or all of these operations.
Details
Root cause
lib/dom.js implements DOM tree traversals as depth-first recursive functions. Each level of
element nesting adds one JavaScript call frame. The JS engine's call stack is finite; once
exhausted, a RangeError: Maximum call stack size exceeded is thrown. This error may not be
caught reliably at stack-exhaustion depths because the catch handler itself requires stack
frames to execute — especially in async scenarios, where an uncaught RangeError inside a
callback or promise chain can crash the entire Node.js process.
Parsing a deeply nested document succeeds — the SAX parser in lib/sax.js is iterative.
The crash occurs during subsequent operations on the parsed DOM.
Node.prototype.normalize() — reported by @praveen-kv
lib/dom.js:1296–1308 (main):
normalize: function () {
var child = this.firstChild;
while (child) {
var next = child.nextSibling;
if (next && next.nodeType == TEXT_NODE && child.nodeType == TEXT_NODE) {
this.removeChild(next);
child.appendData(next.data);
} else {
child.normalize(); // recursive call — no depth guard
child = next;
}
}
},
Crash threshold (Node.js 18, default stack): ~10,000 levels.
XMLSerializer.serializeToString() — reported by @Jvr2022
lib/dom.js:2790–2974 (main):
The internal serializeToString worker recurses into child nodes at four call sites, each
passing a visibleNamespaces.slice() copy. The per-frame allocation causes earlier stack
exhaustion than normalize().
Crash threshold (Node.js 18, default stack): ~5,000 levels.
Additional recursive entry points
All five crash at ~10,000 levels on Node.js 18.
| Function | Definition | Public API entry point(s) | Crash depth (Node.js 18) |
|---|---|---|---|
_visitNode |
lib/dom.js:1529 |
getElementsByTagName(), getElementsByTagNameNS(), getElementsByClassName(), getElementById() |
~10,000 levels |
cloneNode (module fn) |
lib/dom.js:3037 |
Node.prototype.cloneNode(true) |
~10,000 levels |
importNode (module fn) |
lib/dom.js:2975 |
Document.prototype.importNode(node, true) |
~10,000 levels |
getTextContent (inner fn) |
lib/dom.js:3130 |
node.textContent (getter) |
~10,000 levels |
isEqualNode |
lib/dom.js:1120 |
Node.prototype.isEqualNode(other) |
~10,000 levels |
Both active branches (main and release-0.8.x) are identically affected. The unscoped xmldom
package (≤ 0.6.0) carries the same recursive patterns from its initial commit.
Browser behavior
Tested with Chromium 147 (Playwright headless). Chromium's native C++ implementations of all seven DOM methods are iterative — they traverse the DOM without consuming JS call stack frames. All seven succeed at depths up to 20,000 without any crash.
When @xmldom/xmldom is bundled and run in a browser context the same recursive JS code executes
under the browser's V8 stack limit (~12,000–13,000 frames). The crash thresholds are similar to
those observed on Node.js 18 (~5,000 for serializeToString, ~10,000 for the remaining six).
The vulnerability is specific to xmldom's pure-JavaScript recursive implementation, not an inherent property of the DOM operations.
PoC
normalize() (from @praveen-kv report, 2026-04-05)
const { DOMParser } = require('@xmldom/xmldom');
function generateNestedXML(depth) {
return '<root>' + '<a>'.repeat(depth) + 'text' + '</a>'.repeat(depth) + '</root>';
}
const doc = new DOMParser().parseFromString(generateNestedXML(10000), 'text/xml');
doc.documentElement.normalize();
// RangeError: Maximum call stack size exceeded
XMLSerializer.serializeToString() (from GHSA-2v35-w6hq-6mfw)
const { DOMParser, XMLSerializer } = require('@xmldom/xmldom');
const depth = 5000;
const xml = '<a>'.repeat(depth) + '</a>'.repeat(depth);
const doc = new DOMParser().parseFromString(xml, 'text/xml');
new XMLSerializer().serializeToString(doc);
// RangeError: Maximum call stack size exceeded
The other methods have been verified using similar pocs.
Impact
Any service that accepts attacker-controlled XML and subsequently calls any of the seven affected DOM operations can be forced into a reliable denial of service with a single crafted payload.
The immediate result is an uncaught RangeError and failed request processing. In deployments
where uncaught exceptions terminate the worker or process, the impact can extend beyond a single
request and disrupt service availability more broadly.
No authentication, special options, or invalid XML is required. A valid, deeply nested XML document is enough.
Disclosure
The normalize() vector was publicly disclosed at 2026-04-06T11:25:07Z via
xmldom/xmldom#987 (closed without merge).
serializeToString() and the five additional recursive entry points were not mentioned in that PR.
Fix Applied
All seven affected traversals have been converted from recursive to iterative implementations, eliminating call-stack consumption on deep trees.
walkDOM utility
A new walkDOM(node, context, callbacks) utility is introduced. It traverses the subtree rooted at node in depth-first order using an explicit JavaScript array as a stack, consuming heap memory instead of call-stack frames. context is an arbitrary value threaded through the walk — each callbacks.enter(node, context) call returns the context to pass to that node's children, enabling per-branch state (e.g. namespace snapshots in the serializer). callbacks.exit(node, context) (optional) is called in post-order after all children have been visited.
The following six operations are re-implemented on top of walkDOM:
| Operation | Public entry point(s) |
|---|---|
_visitNode helper |
getElementsByTagName(), getElementsByTagNameNS(), getElementsByClassName(), getElementById() |
getTextContent inner function |
node.textContent getter |
cloneNode module function |
Node.prototype.cloneNode(true) |
importNode module function |
Document.prototype.importNode(node, true) |
serializeToString worker |
XMLSerializer.prototype.serializeToString(), Node.prototype.toString(), NodeList.prototype.toString() |
normalize |
Node.prototype.normalize() |
normalize uses walkDOM with a null context and an enter callback that merges adjacent Text children of the current node before walkDOM reads and queues those children — so the surviving post-merge children are what the walker descends into.
Custom iterative loop for isEqualNode
One function cannot use walkDOM:
Node.prototype.isEqualNode(other) (0.9.x only; absent from 0.8.x) compares two trees in parallel. It maintains an explicit stack of {node, other} node pairs — one node from each tree — which cannot be expressed with walkDOM's single-tree visitor.
After the fix
All seven entry points succeed on trees of arbitrary depth without throwing RangeError. The original PoCs still demonstrate the vulnerability on unpatched versions and confirm the fix on patched versions.
Severity
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@xmldom/xmldom"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.8.13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@xmldom/xmldom"
},
"ranges": [
{
"events": [
{
"introduced": "0.9.0"
},
{
"fixed": "0.9.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "xmldom"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.6.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-41673"
],
"database_specific": {
"cwe_ids": [
"CWE-674"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-22T20:23:57Z",
"nvd_published_at": "2026-05-07T04:16:33Z",
"severity": "HIGH"
},
"details": "## Summary\n\nSeven recursive traversals in `lib/dom.js` operate without a depth limit. A sufficiently deeply\nnested DOM tree causes a `RangeError: Maximum call stack size exceeded`, crashing the application.\n\n**Reported operations:**\n- `Node.prototype.normalize()` \u2014 reported by @praveen-kv (email 2026-04-05) and @KarimTantawey (GHSA-fwmp-8wwc-qhv6, via `DOMParser.parseFromString()`)\n- `XMLSerializer.serializeToString()` \u2014 reported by @Jvr2022 (GHSA-2v35-w6hq-6mfw) and @KarimTantawey (GHSA-j2hf-fqwf-rrjf)\n\n**Additionally, discovered in research:**\n- `Element.getElementsByTagName()` / `getElementsByTagNameNS()` / `getElementsByClassName()` / `getElementById()`\n- `Node.cloneNode(true)`\n- `Document.importNode(node, true)`\n- `node.textContent` (getter)\n- `Node.isEqualNode(other)`\n\nAll seven share the same root cause: pure-JavaScript recursive tree traversal with no depth guard.\nA single deeply nested document (parsed successfully) triggers any or all of these operations.\n\n---\n\n## Details\n\n### Root cause\n\n`lib/dom.js` implements DOM tree traversals as depth-first recursive functions. Each level of\nelement nesting adds one JavaScript call frame. The JS engine\u0027s call stack is finite; once\nexhausted, a `RangeError: Maximum call stack size exceeded` is thrown. This error may not be\ncaught reliably at stack-exhaustion depths because the catch handler itself requires stack\nframes to execute \u2014 especially in async scenarios, where an uncaught `RangeError` inside a\ncallback or promise chain can crash the entire Node.js process.\n\nParsing a deeply nested document **succeeds** \u2014 the SAX parser in `lib/sax.js` is iterative.\nThe crash occurs during subsequent operations on the parsed DOM.\n\n### `Node.prototype.normalize()` \u2014 reported by @praveen-kv\n\n[`lib/dom.js:1296\u20131308`](https://github.com/xmldom/xmldom/blob/9ef2fd297ca527a05ecb11979850317a927cd20c/lib/dom.js#L1296-L1308) (main):\n\n```js\nnormalize: function () {\n var child = this.firstChild;\n while (child) {\n var next = child.nextSibling;\n if (next \u0026\u0026 next.nodeType == TEXT_NODE \u0026\u0026 child.nodeType == TEXT_NODE) {\n this.removeChild(next);\n child.appendData(next.data);\n } else {\n child.normalize(); // recursive call \u2014 no depth guard\n child = next;\n }\n }\n},\n```\n\nCrash threshold (Node.js 18, default stack): ~10,000 levels.\n\n### `XMLSerializer.serializeToString()` \u2014 reported by @Jvr2022\n\n[`lib/dom.js:2790\u20132974`](https://github.com/xmldom/xmldom/blob/9ef2fd297ca527a05ecb11979850317a927cd20c/lib/dom.js#L2790-L2974) (main):\nThe internal `serializeToString` worker recurses into child nodes at four call sites, each\npassing a `visibleNamespaces.slice()` copy. The per-frame allocation causes earlier stack\nexhaustion than `normalize()`.\n\nCrash threshold (Node.js 18, default stack): ~5,000 levels.\n\n### Additional recursive entry points\n\nAll five crash at ~10,000 levels on Node.js 18.\n\n| Function | Definition | Public API entry point(s) | Crash depth (Node.js 18) |\n|-----------------------------|----------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------|--------------------------|\n| `_visitNode` | [`lib/dom.js:1529`](https://github.com/xmldom/xmldom/blob/9ef2fd297ca527a05ecb11979850317a927cd20c/lib/dom.js#L1529) | `getElementsByTagName()`, `getElementsByTagNameNS()`, `getElementsByClassName()`, `getElementById()` | ~10,000 levels |\n| `cloneNode` (module fn) | [`lib/dom.js:3037`](https://github.com/xmldom/xmldom/blob/9ef2fd297ca527a05ecb11979850317a927cd20c/lib/dom.js#L3037) | `Node.prototype.cloneNode(true)` | ~10,000 levels |\n| `importNode` (module fn) | [`lib/dom.js:2975`](https://github.com/xmldom/xmldom/blob/9ef2fd297ca527a05ecb11979850317a927cd20c/lib/dom.js#L2975) | `Document.prototype.importNode(node, true)` | ~10,000 levels |\n| `getTextContent` (inner fn) | [`lib/dom.js:3130`](https://github.com/xmldom/xmldom/blob/9ef2fd297ca527a05ecb11979850317a927cd20c/lib/dom.js#L3130) | `node.textContent` (getter) | ~10,000 levels |\n| `isEqualNode` | [`lib/dom.js:1120`](https://github.com/xmldom/xmldom/blob/9ef2fd297ca527a05ecb11979850317a927cd20c/lib/dom.js#L1120) | `Node.prototype.isEqualNode(other)` | ~10,000 levels |\n\nBoth active branches (`main` and `release-0.8.x`) are identically affected. The unscoped `xmldom`\npackage (\u2264 0.6.0) carries the same recursive patterns from its initial commit.\n\n### Browser behavior\n\nTested with Chromium 147 (Playwright headless). Chromium\u0027s native C++ implementations of all\nseven DOM methods are **iterative** \u2014 they traverse the DOM without consuming JS call stack frames.\nAll seven succeed at depths up to 20,000 without any crash.\n\nWhen `@xmldom/xmldom` is bundled and run in a browser context the same recursive JS code executes\nunder the browser\u0027s V8 stack limit (~12,000\u201313,000 frames). The crash thresholds are similar to\nthose observed on Node.js 18 (~5,000 for `serializeToString`, ~10,000 for the remaining six).\n\nThe vulnerability is specific to xmldom\u0027s pure-JavaScript recursive implementation, not an\ninherent property of the DOM operations.\n\n---\n\n## PoC\n\n### `normalize()` (from @praveen-kv report, 2026-04-05)\n\n```js\nconst { DOMParser } = require(\u0027@xmldom/xmldom\u0027);\n\nfunction generateNestedXML(depth) {\n return \u0027\u003croot\u003e\u0027 + \u0027\u003ca\u003e\u0027.repeat(depth) + \u0027text\u0027 + \u0027\u003c/a\u003e\u0027.repeat(depth) + \u0027\u003c/root\u003e\u0027;\n}\n\nconst doc = new DOMParser().parseFromString(generateNestedXML(10000), \u0027text/xml\u0027);\ndoc.documentElement.normalize();\n// RangeError: Maximum call stack size exceeded\n```\n\n### `XMLSerializer.serializeToString()` (from GHSA-2v35-w6hq-6mfw)\n\n```js\nconst { DOMParser, XMLSerializer } = require(\u0027@xmldom/xmldom\u0027);\n\nconst depth = 5000;\nconst xml = \u0027\u003ca\u003e\u0027.repeat(depth) + \u0027\u003c/a\u003e\u0027.repeat(depth);\nconst doc = new DOMParser().parseFromString(xml, \u0027text/xml\u0027);\nnew XMLSerializer().serializeToString(doc);\n// RangeError: Maximum call stack size exceeded\n```\n\nThe other methods have been verified using similar pocs.\n\n---\n\n## Impact\n\nAny service that accepts attacker-controlled XML and subsequently calls any of the seven affected\nDOM operations can be forced into a reliable denial of service with a single crafted payload.\n\nThe immediate result is an uncaught `RangeError` and failed request processing. In deployments\nwhere uncaught exceptions terminate the worker or process, the impact can extend beyond a single\nrequest and disrupt service availability more broadly.\n\nNo authentication, special options, or invalid XML is required. A valid, deeply nested XML\ndocument is enough.\n\n---\n\n## Disclosure\n\nThe `normalize()` vector was publicly disclosed at 2026-04-06T11:25:07Z via\n[xmldom/xmldom#987](https://github.com/xmldom/xmldom/pull/987) (closed without merge).\n`serializeToString()` and the five additional recursive entry points were not mentioned in that PR.\n\n---\n\n## Fix Applied\n\nAll seven affected traversals have been converted from recursive to iterative implementations, eliminating call-stack consumption on deep trees.\n\n### `walkDOM` utility\n\nA new `walkDOM(node, context, callbacks)` utility is introduced. It traverses the subtree rooted at `node` in depth-first order using an explicit JavaScript array as a stack, consuming heap memory instead of call-stack frames. `context` is an arbitrary value threaded through the walk \u2014 each `callbacks.enter(node, context)` call returns the context to pass to that node\u0027s children, enabling per-branch state (e.g. namespace snapshots in the serializer). `callbacks.exit(node, context)` (optional) is called in post-order after all children have been visited.\n\nThe following six operations are re-implemented on top of `walkDOM`:\n\n| Operation | Public entry point(s) |\n|---|---|\n| `_visitNode` helper | `getElementsByTagName()`, `getElementsByTagNameNS()`, `getElementsByClassName()`, `getElementById()` |\n| `getTextContent` inner function | `node.textContent` getter |\n| `cloneNode` module function | `Node.prototype.cloneNode(true)` |\n| `importNode` module function | `Document.prototype.importNode(node, true)` |\n| `serializeToString` worker | `XMLSerializer.prototype.serializeToString()`, `Node.prototype.toString()`, `NodeList.prototype.toString()` |\n| `normalize` | `Node.prototype.normalize()` |\n\n`normalize` uses `walkDOM` with a `null` context and an `enter` callback that merges adjacent Text children of the current node before `walkDOM` reads and queues those children \u2014 so the surviving post-merge children are what the walker descends into.\n\n### Custom iterative loop for `isEqualNode`\n\nOne function cannot use `walkDOM`:\n\n**`Node.prototype.isEqualNode(other)`** (0.9.x only; absent from 0.8.x) compares two trees in parallel. It maintains an explicit stack of `{node, other}` node pairs \u2014 one node from each tree \u2014 which cannot be expressed with `walkDOM`\u0027s single-tree visitor.\n\n### After the fix\n\nAll seven entry points succeed on trees of arbitrary depth without throwing `RangeError`. The original PoCs still demonstrate the vulnerability on unpatched versions and confirm the fix on patched versions.",
"id": "GHSA-2v35-w6hq-6mfw",
"modified": "2026-05-08T20:10:21Z",
"published": "2026-04-22T20:23:57Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41673"
},
{
"type": "WEB",
"url": "https://github.com/xmldom/xmldom/commit/17678a2a73ecbd1a2da90f3d47dc23da9cef81aa"
},
{
"type": "WEB",
"url": "https://github.com/xmldom/xmldom/commit/291257493cb0eb6980eda83b162a9c4e6d7d2597"
},
{
"type": "WEB",
"url": "https://github.com/xmldom/xmldom/commit/2d6d6916ed8a4c223db1f6d7560ab4544c465b0f"
},
{
"type": "WEB",
"url": "https://github.com/xmldom/xmldom/commit/430357c7b6333108856e917bf2367afe5ceb6f8a"
},
{
"type": "WEB",
"url": "https://github.com/xmldom/xmldom/commit/4845ef109221df0890825de2822fbe77afba3afe"
},
{
"type": "WEB",
"url": "https://github.com/xmldom/xmldom/commit/8834218c85ac2a4d757b9587c9028e67c2f7b6c3"
},
{
"type": "WEB",
"url": "https://github.com/xmldom/xmldom/commit/8b7cfd1491314abdc347261921d7334ff15f7112"
},
{
"type": "WEB",
"url": "https://github.com/xmldom/xmldom/commit/b0620383abc1df067f3ce1014c43ae1bc1161eeb"
},
{
"type": "WEB",
"url": "https://github.com/xmldom/xmldom/commit/e6edcab6bef5bcdba0b220bb35442aa72f452b84"
},
{
"type": "PACKAGE",
"url": "https://github.com/xmldom/xmldom"
},
{
"type": "WEB",
"url": "https://github.com/xmldom/xmldom/releases/tag/0.8.13"
},
{
"type": "WEB",
"url": "https://github.com/xmldom/xmldom/releases/tag/0.9.10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "xmldom: Uncontrolled recursion in XML serialization leads to DoS"
}
MSRC_CVE-2026-41673
Vulnerability from csaf_microsoft - Published: 2026-05-02 00:00 - Updated: 2026-05-19 01:49Summary
xmldom: Denial of service via uncontrolled recursion in XML serialization
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
CWE-674
- Uncontrolled Recursion
Affected products
Known not affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17084-1 | — |
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2026/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2026/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2026-41673 xmldom: Denial of service via uncontrolled recursion in XML serialization - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-41673.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "xmldom: Denial of service via uncontrolled recursion in XML serialization",
"tracking": {
"current_release_date": "2026-05-19T01:49:02.000Z",
"generator": {
"date": "2026-05-19T07:12:12.386Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2026-41673",
"initial_release_date": "2026-05-02T00:00:00.000Z",
"revision_history": [
{
"date": "2026-05-08T01:01:40.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2026-05-19T01:49:02.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"category": "product_name",
"name": "azl3 python-tensorboard 0:2.16.2-6.azl3",
"product": {
"name": "azl3 python-tensorboard 0:2.16.2-6.azl3",
"product_id": "1"
}
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 python-tensorboard 0:2.16.2-6.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-41673",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"flags": [
{
"label": "component_not_present",
"product_ids": [
"17084-1"
]
}
],
"notes": [
{
"category": "general",
"text": "GitHub_M",
"title": "Assigning CNA"
}
],
"product_status": {
"known_not_affected": [
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-41673 xmldom: Denial of service via uncontrolled recursion in XML serialization - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-41673.json"
}
],
"title": "xmldom: Denial of service via uncontrolled recursion in XML serialization"
}
]
}
RHSA-2026:26234
Vulnerability from csaf_redhat - Published: 2026-06-16 09:33 - Updated: 2026-06-16 23:10Summary
Red Hat Security Advisory: Red Hat Developer Hub 1.9.5 release.
Severity
Important
Notes
Topic: Red Hat Developer Hub 1.9.5 has been released.
Details: Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by providing a specially crafted Uniform Resource Locator (URL) containing percent-encoded path separators and dot segments. Due to incorrect processing, fast-uri would decode these elements before proper normalization, leading to distinct URLs resolving to the same internal path. This could allow an attacker to bypass security policies that rely on path-based comparisons, potentially gaining unauthorized access to resources.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64 | — |
Vendor Fix
fix
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64 | — |
Threats
Impact
Important
A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by crafting a malicious Uniform Resource Identifier (URI) that contains percent-encoded authority delimiters. The fast-uri library incorrectly decodes these delimiters during normalization and then re-emits them as raw separators, which can change the URI's intended authority. This issue allows applications that perform host allowlist checks, redirect validation, or outbound request routing to be steered to a different authority than specified, potentially bypassing security controls.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64 | — |
Vendor Fix
fix
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64 | — |
Threats
Impact
Important
A flaw was found in the shell-quote component. The quote() function did not properly validate object-token inputs, allowing line terminators to pass unescaped into the output. A remote attacker could exploit this vulnerability by providing specially crafted input, which a POSIX shell would interpret as a command separator. This could lead to command injection, enabling the attacker to execute arbitrary code on the system.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64 | — |
Vendor Fix
fix
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64 | — |
Threats
Impact
Important
A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. This vulnerability allows an attacker to escape the sandbox environment by exploiting the `inspect` function. Successful exploitation can lead to arbitrary code execution on the host system, compromising the integrity and confidentiality of the system.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64 | — |
Vendor Fix
fix
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64 | — |
Threats
Impact
Important
A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
5.9 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in protobufjs, a JavaScript (JS) library used for compiling protobuf definitions. A remote attacker with low privileges can exploit this vulnerability by injecting arbitrary code into the "type" fields of protobuf definitions. This malicious code will then execute during the object decoding process, leading to arbitrary code execution and potentially full system compromise.
8.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64 | — |
Vendor Fix
fix
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64 | — |
Threats
Impact
Important
A flaw was found in xmldom and @xmldom/xmldom, a JavaScript module for parsing and serializing XML. This vulnerability allows an attacker to inject malicious content into XML comments. By doing so, the attacker can prematurely close a comment and insert unauthorized XML elements into the final output. This could lead to the manipulation of data within the XML document.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the `xmldom` library, a JavaScript module for parsing XML documents. An attacker could exploit this vulnerability by providing a specially crafted, deeply nested XML document. This could lead to a Denial of Service (DoS) by causing the application to crash due to excessive recursion.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in xmldom and @xmldom/xmldom, a JavaScript library for parsing and serializing XML. This vulnerability allows an attacker to inject arbitrary XML markup into a document due to improper handling of DocumentType node fields during serialization. By crafting malicious input, an attacker can cause the XML serializer to prematurely terminate the DOCTYPE declaration, enabling the insertion of unauthorized content. This could lead to information disclosure or, in certain configurations, the execution of arbitrary code.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64 | — |
Vendor Fix
fix
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64 | — |
Threats
Impact
Important
A flaw was found in xmldom. A remote attacker can exploit this vulnerability by providing specially crafted processing instruction data. Due to improper validation of the processing instruction closing sequence, the attacker can terminate the instruction prematurely and inject arbitrary XML nodes into the serialized output. This can lead to data manipulation and integrity issues within applications that process the affected XML.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.
7.4 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64 | — |
Vendor Fix
fix
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64 | — |
Threats
Impact
Important
A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application's core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.
7.4 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64 | — |
Vendor Fix
fix
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64 | — |
Threats
Impact
Important
A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.
8.2 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64 | — |
Vendor Fix
fix
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64 | — |
Threats
Impact
Important
A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.
7.2 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64 | — |
Vendor Fix
fix
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64 | — |
Threats
Impact
Important
A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution "Gadget" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.
7.4 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in protobufjs, a library used to compile protobuf definitions into JavaScript functions. A remote attacker could exploit this vulnerability by providing a crafted descriptor that includes a non-string default value for a bytes field. This could lead to the generation of an unsafe expression within the toObject conversion function, ultimately allowing the attacker to execute arbitrary code.
7.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64 | — |
Workaround
|
Threats
Impact
Important
References
140 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Developer Hub 1.9.5 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Developer Hub (RHDH) is Red Hat\u0027s enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:26234",
"url": "https://access.redhat.com/errata/RHSA-2026:26234"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24781",
"url": "https://access.redhat.com/security/cve/CVE-2026-24781"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32281",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41242",
"url": "https://access.redhat.com/security/cve/CVE-2026-41242"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41672",
"url": "https://access.redhat.com/security/cve/CVE-2026-41672"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41673",
"url": "https://access.redhat.com/security/cve/CVE-2026-41673"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41674",
"url": "https://access.redhat.com/security/cve/CVE-2026-41674"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41675",
"url": "https://access.redhat.com/security/cve/CVE-2026-41675"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42033",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42035",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42039",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42041",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42043",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42044",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44293",
"url": "https://access.redhat.com/security/cve/CVE-2026-44293"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-6321",
"url": "https://access.redhat.com/security/cve/CVE-2026-6321"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-6322",
"url": "https://access.redhat.com/security/cve/CVE-2026-6322"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-9277",
"url": "https://access.redhat.com/security/cve/CVE-2026-9277"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh",
"url": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh"
},
{
"category": "external",
"summary": "https://developers.redhat.com/rhdh/overview",
"url": "https://developers.redhat.com/rhdh/overview"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_developer_hub",
"url": "https://docs.redhat.com/en/documentation/red_hat_developer_hub"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHDHBUGS-3128",
"url": "https://issues.redhat.com/browse/RHDHBUGS-3128"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_26234.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Developer Hub 1.9.5 release.",
"tracking": {
"current_release_date": "2026-06-16T23:10:12+00:00",
"generator": {
"date": "2026-06-16T23:10:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2026:26234",
"initial_release_date": "2026-06-16T09:33:13+00:00",
"revision_history": [
{
"date": "2026-06-16T09:33:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-16T09:33:20+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-16T23:10:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Developer Hub 1.9",
"product": {
"name": "Red Hat Developer Hub 1.9",
"product_id": "Red Hat Developer Hub 1.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhdh:1.9::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Developer Hub"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-hub-rhel9@sha256%3Adca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e?arch=amd64\u0026repository_url=registry.redhat.io/rhdh/rhdh-hub-rhel9\u0026tag=1781187342"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-rhel9-operator@sha256%3A9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5?arch=amd64\u0026repository_url=registry.redhat.io/rhdh/rhdh-rhel9-operator\u0026tag=1781187028"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-operator-bundle@sha256%3Adac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb?arch=amd64\u0026repository_url=registry.redhat.io/rhdh/rhdh-operator-bundle\u0026tag=1781191254"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64 as a component of Red Hat Developer Hub 1.9",
"product_id": "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64 as a component of Red Hat Developer Hub 1.9",
"product_id": "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64 as a component of Red Hat Developer Hub 1.9",
"product_id": "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-6321",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-05-04T20:01:14.938426+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466582"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by providing a specially crafted Uniform Resource Locator (URL) containing percent-encoded path separators and dot segments. Due to incorrect processing, fast-uri would decode these elements before proper normalization, leading to distinct URLs resolving to the same internal path. This could allow an attacker to bypass security policies that rely on path-based comparisons, potentially gaining unauthorized access to resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6321"
},
{
"category": "external",
"summary": "RHBZ#2466582",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466582"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6321",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6321"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6321",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6321"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6",
"url": "https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6"
}
],
"release_date": "2026-05-04T19:31:57.253000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-16T09:33:13+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26234"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies"
},
{
"cve": "CVE-2026-6322",
"cwe": {
"id": "CWE-140",
"name": "Improper Neutralization of Delimiters"
},
"discovery_date": "2026-05-05T11:01:00.332189+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466684"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by crafting a malicious Uniform Resource Identifier (URI) that contains percent-encoded authority delimiters. The fast-uri library incorrectly decodes these delimiters during normalization and then re-emits them as raw separators, which can change the URI\u0027s intended authority. This issue allows applications that perform host allowlist checks, redirect validation, or outbound request routing to be steered to a different authority than specified, potentially bypassing security controls.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "fast-uri: fast-uri: URI authority bypass due to improper delimiter handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6322"
},
{
"category": "external",
"summary": "RHBZ#2466684",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466684"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6322",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6322"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6322",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6322"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc",
"url": "https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc"
}
],
"release_date": "2026-05-05T10:29:16.378000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-16T09:33:13+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26234"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "fast-uri: fast-uri: URI authority bypass due to improper delimiter handling"
},
{
"cve": "CVE-2026-9277",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-05-22T14:01:14.427751+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480741"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the shell-quote component. The quote() function did not properly validate object-token inputs, allowing line terminators to pass unescaped into the output. A remote attacker could exploit this vulnerability by providing specially crafted input, which a POSIX shell would interpret as a command separator. This could lead to command injection, enabling the attacker to execute arbitrary code on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "shell-quote: shell-quote: Arbitrary code execution via command injection due to unescaped line terminators",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9277"
},
{
"category": "external",
"summary": "RHBZ#2480741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9277",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9277"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9277",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9277"
},
{
"category": "external",
"summary": "https://github.com/ljharb/shell-quote",
"url": "https://github.com/ljharb/shell-quote"
},
{
"category": "external",
"summary": "https://github.com/ljharb/shell-quote/commit/1518179",
"url": "https://github.com/ljharb/shell-quote/commit/1518179"
},
{
"category": "external",
"summary": "https://github.com/ljharb/shell-quote/security/advisories/GHSA-w7jw-789q-3m8p",
"url": "https://github.com/ljharb/shell-quote/security/advisories/GHSA-w7jw-789q-3m8p"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/shell-quote",
"url": "https://www.npmjs.com/package/shell-quote"
}
],
"release_date": "2026-05-22T13:22:38.873000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-16T09:33:13+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26234"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "shell-quote: shell-quote: Arbitrary code execution via command injection due to unescaped line terminators"
},
{
"cve": "CVE-2026-24781",
"cwe": {
"id": "CWE-653",
"name": "Improper Isolation or Compartmentalization"
},
"discovery_date": "2026-05-04T19:03:41.437468+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466531"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. This vulnerability allows an attacker to escape the sandbox environment by exploiting the `inspect` function. Successful exploitation can lead to arbitrary code execution on the host system, compromising the integrity and confidentiality of the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vm2: vm2: Arbitrary code execution via sandbox breakout through inspect function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24781"
},
{
"category": "external",
"summary": "RHBZ#2466531",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466531"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24781",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24781"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24781",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24781"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/commit/8d30d93213c1898b3e035298b89a814970dd1189",
"url": "https://github.com/patriksimek/vm2/commit/8d30d93213c1898b3e035298b89a814970dd1189"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/commit/bdd3d15e57bc4ec5e70365cd79f7cb0256e5f88c",
"url": "https://github.com/patriksimek/vm2/commit/bdd3d15e57bc4ec5e70365cd79f7cb0256e5f88c"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/commit/fd266d084e0a3322d0f71ba2a8dc4c96cd030228",
"url": "https://github.com/patriksimek/vm2/commit/fd266d084e0a3322d0f71ba2a8dc4c96cd030228"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/releases/tag/v3.11.0",
"url": "https://github.com/patriksimek/vm2/releases/tag/v3.11.0"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/security/advisories/GHSA-v37h-5mfm-c47c",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-v37h-5mfm-c47c"
}
],
"release_date": "2026-05-04T16:33:32.869000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-16T09:33:13+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26234"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vm2: vm2: Arbitrary code execution via sandbox breakout through inspect function"
},
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-16T09:33:13+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26234"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"cve": "CVE-2026-41242",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2026-04-18T17:00:50.677423+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2459442"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in protobufjs, a JavaScript (JS) library used for compiling protobuf definitions. A remote attacker with low privileges can exploit this vulnerability by injecting arbitrary code into the \"type\" fields of protobuf definitions. This malicious code will then execute during the object decoding process, leading to arbitrary code execution and potentially full system compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "protobufjs: protobufjs: Arbitrary code execution via injected protobuf definition type fields",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41242"
},
{
"category": "external",
"summary": "RHBZ#2459442",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2459442"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41242",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41242"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41242",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41242"
},
{
"category": "external",
"summary": "https://github.com/protobufjs/protobuf.js/commit/535df444ac060243722ac5d672db205e5c531d75",
"url": "https://github.com/protobufjs/protobuf.js/commit/535df444ac060243722ac5d672db205e5c531d75"
},
{
"category": "external",
"summary": "https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956",
"url": "https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956"
},
{
"category": "external",
"summary": "https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v7.5.5",
"url": "https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v7.5.5"
},
{
"category": "external",
"summary": "https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v8.0.1",
"url": "https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v8.0.1"
},
{
"category": "external",
"summary": "https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-xq3m-2v4x-88gg",
"url": "https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-xq3m-2v4x-88gg"
}
],
"release_date": "2026-04-18T16:18:10.652000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-16T09:33:13+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26234"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "protobufjs: protobufjs: Arbitrary code execution via injected protobuf definition type fields"
},
{
"cve": "CVE-2026-41672",
"cwe": {
"id": "CWE-91",
"name": "XML Injection (aka Blind XPath Injection)"
},
"discovery_date": "2026-05-07T05:02:05.372643+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467631"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in xmldom and @xmldom/xmldom, a JavaScript module for parsing and serializing XML. This vulnerability allows an attacker to inject malicious content into XML comments. By doing so, the attacker can prematurely close a comment and insert unauthorized XML elements into the final output. This could lead to the manipulation of data within the XML document.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xmldom: @xmldom/xmldom: xmldom: Arbitrary XML Node Injection",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41672"
},
{
"category": "external",
"summary": "RHBZ#2467631",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467631"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41672",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41672"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41672",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41672"
},
{
"category": "external",
"summary": "https://github.com/xmldom/xmldom/commit/b397540889086da868c30c366ad5c220d1a750c7",
"url": "https://github.com/xmldom/xmldom/commit/b397540889086da868c30c366ad5c220d1a750c7"
},
{
"category": "external",
"summary": "https://github.com/xmldom/xmldom/commit/fda7cc313de30243fea35cada64e0bb12099c2a1",
"url": "https://github.com/xmldom/xmldom/commit/fda7cc313de30243fea35cada64e0bb12099c2a1"
},
{
"category": "external",
"summary": "https://github.com/xmldom/xmldom/pull/987",
"url": "https://github.com/xmldom/xmldom/pull/987"
},
{
"category": "external",
"summary": "https://github.com/xmldom/xmldom/releases/tag/0.8.13",
"url": "https://github.com/xmldom/xmldom/releases/tag/0.8.13"
},
{
"category": "external",
"summary": "https://github.com/xmldom/xmldom/releases/tag/0.9.10",
"url": "https://github.com/xmldom/xmldom/releases/tag/0.9.10"
},
{
"category": "external",
"summary": "https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8",
"url": "https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8"
}
],
"release_date": "2026-05-07T03:36:16.914000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-16T09:33:13+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26234"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "xmldom: @xmldom/xmldom: xmldom: Arbitrary XML Node Injection"
},
{
"cve": "CVE-2026-41673",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2026-05-07T05:02:01.500444+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467630"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `xmldom` library, a JavaScript module for parsing XML documents. An attacker could exploit this vulnerability by providing a specially crafted, deeply nested XML document. This could lead to a Denial of Service (DoS) by causing the application to crash due to excessive recursion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "@xmldom/xmldom: xmldom: xmldom: Denial of Service via deeply nested XML documents",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41673"
},
{
"category": "external",
"summary": "RHBZ#2467630",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467630"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41673",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41673"
},
{
"category": "external",
"summary": "https://github.com/xmldom/xmldom/commit/17678a2a73ecbd1a2da90f3d47dc23da9cef81aa",
"url": "https://github.com/xmldom/xmldom/commit/17678a2a73ecbd1a2da90f3d47dc23da9cef81aa"
},
{
"category": "external",
"summary": "https://github.com/xmldom/xmldom/commit/291257493cb0eb6980eda83b162a9c4e6d7d2597",
"url": "https://github.com/xmldom/xmldom/commit/291257493cb0eb6980eda83b162a9c4e6d7d2597"
},
{
"category": "external",
"summary": "https://github.com/xmldom/xmldom/commit/2d6d6916ed8a4c223db1f6d7560ab4544c465b0f",
"url": "https://github.com/xmldom/xmldom/commit/2d6d6916ed8a4c223db1f6d7560ab4544c465b0f"
},
{
"category": "external",
"summary": "https://github.com/xmldom/xmldom/commit/430357c7b6333108856e917bf2367afe5ceb6f8a",
"url": "https://github.com/xmldom/xmldom/commit/430357c7b6333108856e917bf2367afe5ceb6f8a"
},
{
"category": "external",
"summary": "https://github.com/xmldom/xmldom/commit/4845ef109221df0890825de2822fbe77afba3afe",
"url": "https://github.com/xmldom/xmldom/commit/4845ef109221df0890825de2822fbe77afba3afe"
},
{
"category": "external",
"summary": "https://github.com/xmldom/xmldom/commit/8834218c85ac2a4d757b9587c9028e67c2f7b6c3",
"url": "https://github.com/xmldom/xmldom/commit/8834218c85ac2a4d757b9587c9028e67c2f7b6c3"
},
{
"category": "external",
"summary": "https://github.com/xmldom/xmldom/commit/8b7cfd1491314abdc347261921d7334ff15f7112",
"url": "https://github.com/xmldom/xmldom/commit/8b7cfd1491314abdc347261921d7334ff15f7112"
},
{
"category": "external",
"summary": "https://github.com/xmldom/xmldom/commit/b0620383abc1df067f3ce1014c43ae1bc1161eeb",
"url": "https://github.com/xmldom/xmldom/commit/b0620383abc1df067f3ce1014c43ae1bc1161eeb"
},
{
"category": "external",
"summary": "https://github.com/xmldom/xmldom/commit/e6edcab6bef5bcdba0b220bb35442aa72f452b84",
"url": "https://github.com/xmldom/xmldom/commit/e6edcab6bef5bcdba0b220bb35442aa72f452b84"
},
{
"category": "external",
"summary": "https://github.com/xmldom/xmldom/releases/tag/0.8.13",
"url": "https://github.com/xmldom/xmldom/releases/tag/0.8.13"
},
{
"category": "external",
"summary": "https://github.com/xmldom/xmldom/releases/tag/0.9.10",
"url": "https://github.com/xmldom/xmldom/releases/tag/0.9.10"
},
{
"category": "external",
"summary": "https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw",
"url": "https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw"
}
],
"release_date": "2026-05-07T03:40:28.378000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-16T09:33:13+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26234"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "@xmldom/xmldom: xmldom: xmldom: Denial of Service via deeply nested XML documents"
},
{
"cve": "CVE-2026-41674",
"cwe": {
"id": "CWE-91",
"name": "XML Injection (aka Blind XPath Injection)"
},
"discovery_date": "2026-05-07T05:01:25.803044+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467620"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in xmldom and @xmldom/xmldom, a JavaScript library for parsing and serializing XML. This vulnerability allows an attacker to inject arbitrary XML markup into a document due to improper handling of DocumentType node fields during serialization. By crafting malicious input, an attacker can cause the XML serializer to prematurely terminate the DOCTYPE declaration, enabling the insertion of unauthorized content. This could lead to information disclosure or, in certain configurations, the execution of arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xmldom: xmldom: Arbitrary XML markup injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41674"
},
{
"category": "external",
"summary": "RHBZ#2467620",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467620"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41674",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41674"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41674",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41674"
},
{
"category": "external",
"summary": "https://github.com/xmldom/xmldom/commit/372008f9ae0e20fd69f761c7b79e202598267314",
"url": "https://github.com/xmldom/xmldom/commit/372008f9ae0e20fd69f761c7b79e202598267314"
},
{
"category": "external",
"summary": "https://github.com/xmldom/xmldom/releases/tag/0.8.13",
"url": "https://github.com/xmldom/xmldom/releases/tag/0.8.13"
},
{
"category": "external",
"summary": "https://github.com/xmldom/xmldom/releases/tag/0.9.10",
"url": "https://github.com/xmldom/xmldom/releases/tag/0.9.10"
},
{
"category": "external",
"summary": "https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h",
"url": "https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h"
}
],
"release_date": "2026-05-07T03:47:51.140000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-16T09:33:13+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26234"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "xmldom: xmldom: Arbitrary XML markup injection"
},
{
"cve": "CVE-2026-41675",
"cwe": {
"id": "CWE-91",
"name": "XML Injection (aka Blind XPath Injection)"
},
"discovery_date": "2026-05-07T05:01:58.399809+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467629"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in xmldom. A remote attacker can exploit this vulnerability by providing specially crafted processing instruction data. Due to improper validation of the processing instruction closing sequence, the attacker can terminate the instruction prematurely and inject arbitrary XML nodes into the serialized output. This can lead to data manipulation and integrity issues within applications that process the affected XML.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xmldom: xmldom: Arbitrary XML node injection via crafted processing instructions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41675"
},
{
"category": "external",
"summary": "RHBZ#2467629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467629"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41675",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41675"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41675",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41675"
},
{
"category": "external",
"summary": "https://github.com/xmldom/xmldom/commit/7207a4b0e0bcc228868075ed991665ef9f73b1c2",
"url": "https://github.com/xmldom/xmldom/commit/7207a4b0e0bcc228868075ed991665ef9f73b1c2"
},
{
"category": "external",
"summary": "https://github.com/xmldom/xmldom/releases/tag/0.8.13",
"url": "https://github.com/xmldom/xmldom/releases/tag/0.8.13"
},
{
"category": "external",
"summary": "https://github.com/xmldom/xmldom/releases/tag/0.9.10",
"url": "https://github.com/xmldom/xmldom/releases/tag/0.9.10"
},
{
"category": "external",
"summary": "https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx",
"url": "https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx"
}
],
"release_date": "2026-05-07T03:49:34.056000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-16T09:33:13+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26234"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "xmldom: xmldom: Arbitrary XML node injection via crafted processing instructions"
},
{
"cve": "CVE-2026-42033",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:20.937507+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461607"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "RHBZ#2461607",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461607"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42033",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42033"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf"
}
],
"release_date": "2026-04-24T17:36:44.132000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-16T09:33:13+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26234"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution"
},
{
"cve": "CVE-2026-42035",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:17.109481+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461606"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application\u0027s core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Arbitrary HTTP header injection via prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "RHBZ#2461606",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461606"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42035"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9"
}
],
"release_date": "2026-04-24T17:38:07.752000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-16T09:33:13+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26234"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "axios: Axios: Arbitrary HTTP header injection via prototype pollution"
},
{
"cve": "CVE-2026-42039",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-24T19:01:44.887156+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461630"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "RHBZ#2461630",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461630"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42039",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42039"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9"
}
],
"release_date": "2026-04-24T18:01:30.775000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-16T09:33:13+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26234"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data"
},
{
"cve": "CVE-2026-42041",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:41.034289+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461629"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution \"Gadget\" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "RHBZ#2461629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461629"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42041",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63",
"url": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63"
}
],
"release_date": "2026-04-24T17:55:30.036000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-16T09:33:13+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26234"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling"
},
{
"cve": "CVE-2026-42043",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-04-24T19:01:22.552379+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461626"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: NO_PROXY bypass via crafted URL",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "RHBZ#2461626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461626"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42043"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7"
}
],
"release_date": "2026-04-24T17:54:42.668000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-16T09:33:13+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26234"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: NO_PROXY bypass via crafted URL"
},
{
"cve": "CVE-2026-42044",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:13.418725+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461624"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution \"Gadget\" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "RHBZ#2461624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42044",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42044"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23"
}
],
"release_date": "2026-04-24T17:49:49.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-16T09:33:13+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26234"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget"
},
{
"cve": "CVE-2026-44293",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2026-05-13T16:03:50.961609+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477104"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in protobufjs, a library used to compile protobuf definitions into JavaScript functions. A remote attacker could exploit this vulnerability by providing a crafted descriptor that includes a non-string default value for a bytes field. This could lead to the generation of an unsafe expression within the toObject conversion function, ultimately allowing the attacker to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "protobufjs: protobufjs: Arbitrary code execution due to unsafe expression generation from crafted protobuf descriptors",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw affecting Red Hat products that incorporate the protobufjs library. protobufjs is vulnerable to arbitrary code execution when compiling protobuf definitions into JavaScript. During generation of the toObject conversion function, a schema-controlled default value on a bytes field that is not a string can be emitted as unsafe JavaScript code. An attacker who can supply or influence the protobuf descriptor processed by the application (low privileges required) may achieve code execution in the Node.js process context. Fixed upstream in protobufjs 7.5.6 and 8.0.2. Affects Red Hat offerings that bundle protobufjs and process attacker-influenced protobuf schemas at runtime.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44293"
},
{
"category": "external",
"summary": "RHBZ#2477104",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477104"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44293",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44293"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44293",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44293"
},
{
"category": "external",
"summary": "https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-66ff-xgx4-vchm",
"url": "https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-66ff-xgx4-vchm"
}
],
"release_date": "2026-05-13T14:43:33.342000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-16T09:33:13+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26234"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "protobufjs: protobufjs: Arbitrary code execution due to unsafe expression generation from crafted protobuf descriptors"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…