CVE-2025-57810 (GCVE-0-2025-57810)
Vulnerability from cvelistv5 – Published: 2025-08-26 15:37 – Updated: 2025-08-26 15:58
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-57810",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-26T15:58:22.222216Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T15:58:25.184Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "jsPDF",
"vendor": "parallax",
"versions": [
{
"status": "affected",
"version": "\u003c 3.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of service. The vulnerability was fixed in jsPDF 3.0.2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T15:37:28.071Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw"
},
{
"name": "https://github.com/parallax/jsPDF/pull/3880",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/parallax/jsPDF/pull/3880"
},
{
"name": "https://github.com/parallax/jsPDF/commit/4cf3ab619e565d9b88b4b130bff901b91d8688e9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/parallax/jsPDF/commit/4cf3ab619e565d9b88b4b130bff901b91d8688e9"
},
{
"name": "https://github.com/parallax/jsPDF/releases/tag/v3.0.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/parallax/jsPDF/releases/tag/v3.0.2"
}
],
"source": {
"advisory": "GHSA-8mvj-3j78-4qmw",
"discovery": "UNKNOWN"
},
"title": "jsPDF Parsing of Corrupt PNGs Leads to Potential Denial of Service (DoS)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-57810",
"datePublished": "2025-08-26T15:37:28.071Z",
"dateReserved": "2025-08-20T14:30:35.010Z",
"dateUpdated": "2025-08-26T15:58:25.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-57810\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-08-26T16:15:37.827\",\"lastModified\":\"2025-09-09T18:56:24.770\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of service. The vulnerability was fixed in jsPDF 3.0.2.\"},{\"lang\":\"es\",\"value\":\"jsPDF es una librer\u00eda para generar archivos PDF en JavaScript. Antes de la versi\u00f3n 3.0.2, el control del usuario sobre el primer argumento del m\u00e9todo addImage provocaba un alto consumo de CPU y una denegaci\u00f3n de servicio. Si se le permit\u00eda pasar datos de imagen o URL no depuradas al m\u00e9todo addImage, un usuario pod\u00eda proporcionar un archivo PNG da\u00f1ino que provocaba un alto consumo de CPU y una denegaci\u00f3n de servicio. 
Esta vulnerabilidad se corrigi\u00f3 en jsPDF 3.0.2.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE
\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"},{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parall:jspdf:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"3.0.2\",\"matchCriteriaId\":\"BF3183E6-8532-49EF-89D6-3F8C80072A34\"}]}]}],\"references\":[{\"url\":\"https://github.com/parallax/jsPDF/commit/4cf3ab619e565d9b88b4b130bff901b91d8688e9\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/parallax/jsPDF/pull/3880\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/parallax/jsPDF/releases/tag/v3.0.2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-57810\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-26T15:58:22.222216Z\"}}}], \"references\": [{\"url\": \"https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-26T15:58:15.728Z\"}}], \"cna\": {\"title\": \"jsPDF Parsing of Corrupt PNGs Leads to Potential Denial of Service (DoS)\", \"source\": {\"advisory\": \"GHSA-8mvj-3j78-4qmw\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"parallax\", \"product\": \"jsPDF\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 3.0.2\"}]}], \"references\": [{\"url\": \"https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw\", \"name\": \"https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/parallax/jsPDF/pull/3880\", \"name\": \"https://github.com/parallax/jsPDF/pull/3880\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": 
\"https://github.com/parallax/jsPDF/commit/4cf3ab619e565d9b88b4b130bff901b91d8688e9\", \"name\": \"https://github.com/parallax/jsPDF/commit/4cf3ab619e565d9b88b4b130bff901b91d8688e9\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/parallax/jsPDF/releases/tag/v3.0.2\", \"name\": \"https://github.com/parallax/jsPDF/releases/tag/v3.0.2\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of service. The vulnerability was fixed in jsPDF 3.0.2.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20: Improper Input Validation\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770: Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-08-26T15:37:28.071Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-57810\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-26T15:58:25.184Z\", \"dateReserved\": \"2025-08-20T14:30:35.010Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-08-26T15:37:28.071Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2026-AVI-0109
Vulnerability from certfr_avis - Published: 2026-01-30 - Updated: 2026-01-30
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| IBM | QRadar | QRadar User Behavior Analytics versions antérieures à 5.1.0 |
| IBM | Tivoli | Tivoli Application Dependency Discovery Manager version 7.3.0 sans le dernier correctif de sécurité |
| IBM | Db2 | Db2 versions 12.1.x antérieures à 12.1.2 sans le correctif de sécurité #72296 |
| IBM | Db2 | DB2 Data Management Console versions 3.1.1x antérieures à 3.1.13.2 |
| IBM | WebSphere | WebSphere Application Server version 9.0 avec IBM SDK, Java Technology Edition Version 8 SR8 FP 60 |
| IBM | WebSphere | WebSphere Application Server version 8.5 avec IBM SDK, Java Technology Edition Version 8 SR8 FP 60 |
| IBM | Db2 | Db2 Big SQL on Cloud Pak for Data versions 7.8 sur Cloud Pak for Data 5.1 antérieures à 8.3 sur Cloud Pak for Data 5.3 |
| IBM | Db2 | Db2 versions 11.5.x antérieures à 11.5.9 sans le correctif de sécurité #66394 |
| IBM | Db2 | Db2 version 12.1.3 sans le correctif de sécurité #71609 |
| IBM | Db2 | Db2 Big SQL on Cloud Pak for Data versions 7.6 sur Cloud Pak for Data 4.8 antérieures à 8.3 sur Cloud Pak for Data 5.3 |
| IBM | Db2 | Db2 Big SQL on Cloud Pak for Data versions 8.2 sur Cloud Pak for Data 5.2 antérieures à 8.3 sur Cloud Pak for Data 5.3 |
| IBM | WebSphere | WebSphere Application Server Liberty versions 17.0.0.3 à 26.0.0.1 sans le correctif de sécurité PH69485 ou antérieures à 26.0.0.2 (disponibilité prévue pour le premier trimestre 2026) |
| IBM | QRadar SIEM | QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP14 IF04 |
| IBM | Db2 | Db2 Big SQL on Cloud Pak for Data versions 7.7 sur Cloud Pak for Data 5.0 antérieures à 8.3 sur Cloud Pak for Data 5.3 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QRadar User Behavior Analytics versions ant\u00e9rieures \u00e0 5.1.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Tivoli Application Dependency Discovery Manager version 7.3.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 versions 12.1.x ant\u00e9rieures \u00e0 12.1.2 sans le correctif de s\u00e9curit\u00e9 #72296",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console versions 3.1.1x ant\u00e9rieures \u00e0 3.1.13.2",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server version 9.0 avec IBM SDK, Java Technology Edition Version 8 SR8 FP 60",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server version 8.5 avec IBM SDK, Java Technology Edition Version 8 SR8 FP 60",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Big SQL on Cloud Pak for Data versions 7.8 sur Cloud Pak for Data 5.1 ant\u00e9rieures \u00e0 8.3 sur Cloud Pak for Data 5.3",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 versions 11.5.x ant\u00e9rieures \u00e0 11.5.9 sans le correctif de s\u00e9curit\u00e9 #66394",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 version 12.1.3 sans le correctif de s\u00e9curit\u00e9 #71609",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Big SQL on Cloud Pak for Data versions 7.6 sur Cloud Pak for Data 4.8 ant\u00e9rieures \u00e0 8.3 sur Cloud Pak for Data 5.3",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Big SQL on Cloud Pak for Data versions 8.2 sur Cloud Pak for Data 5.2 ant\u00e9rieures \u00e0 8.3 sur Cloud Pak for Data 5.3",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server Liberty versions 17.0.0.3 \u00e0 26.0.0.1 sans le correctif de s\u00e9curit\u00e9 PH69485 ou ant\u00e9rieures \u00e0 26.0.0.2 (disponibilit\u00e9 pr\u00e9vue pour le premier trimestre 2026)",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP14 IF04",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Big SQL on Cloud Pak for Data versions 7.7 sur Cloud Pak for Data 5.0 ant\u00e9rieures \u00e0 8.3 sur Cloud Pak for Data 5.3",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-2534",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2534"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2016-2193",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2193"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2022-2596",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2596"
},
{
"name": "CVE-2025-41234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41234"
},
{
"name": "CVE-2025-46762",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46762"
},
{
"name": "CVE-2025-36131",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36131"
},
{
"name": "CVE-2025-56200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-56200"
},
{
"name": "CVE-2024-37071",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37071"
},
{
"name": "CVE-2019-9515",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9515"
},
{
"name": "CVE-2025-36384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36384"
},
{
"name": "CVE-2024-47118",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47118"
},
{
"name": "CVE-2025-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36184"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2025-48050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48050"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2019-9514",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9514"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2024-13009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
},
{
"name": "CVE-2025-57810",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57810"
},
{
"name": "CVE-2024-41761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41761"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2026-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2025-36136",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36136"
},
{
"name": "CVE-2024-38809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38809"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2022-33987",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33987"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2024-10977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10977"
},
{
"name": "CVE-2025-36006",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36006"
},
{
"name": "CVE-2024-48949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48949"
},
{
"name": "CVE-2025-36186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36186"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2025-12758",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12758"
},
{
"name": "CVE-2025-6493",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6493"
},
{
"name": "CVE-2025-33012",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33012"
},
{
"name": "CVE-2024-48948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48948"
},
{
"name": "CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"name": "CVE-2024-7348",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7348"
},
{
"name": "CVE-2022-37601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
},
{
"name": "CVE-2025-25977",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25977"
},
{
"name": "CVE-2024-10976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10976"
},
{
"name": "CVE-2025-11083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11083"
},
{
"name": "CVE-2024-6763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
},
{
"name": "CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"name": "CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"name": "CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2025-54313",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54313"
},
{
"name": "CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"name": "CVE-2025-58457",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58457"
},
{
"name": "CVE-2025-66221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66221"
},
{
"name": "CVE-2022-22968",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22968"
},
{
"name": "CVE-2025-39697",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39697"
},
{
"name": "CVE-2025-29907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29907"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2025-9086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
},
{
"name": "CVE-2024-41762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41762"
},
{
"name": "CVE-2021-23413",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23413"
},
{
"name": "CVE-2025-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
},
{
"name": "CVE-2025-39971",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39971"
},
{
"name": "CVE-2019-9517",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9517"
},
{
"name": "CVE-2022-41721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41721"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2022-25881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
},
{
"name": "CVE-2024-38828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38828"
},
{
"name": "CVE-2024-57965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57965"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2024-10978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10978"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2026-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2023-2455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2455"
},
{
"name": "CVE-2024-40679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40679"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2019-9518",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9518"
},
{
"name": "CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"name": "CVE-2025-14914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14914"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2024-47072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47072"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2025-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
},
{
"name": "CVE-2022-37599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37599"
},
{
"name": "CVE-2023-26136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
},
{
"name": "CVE-2019-9512",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9512"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2024-45663",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45663"
},
{
"name": "CVE-2025-33134",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33134"
},
{
"name": "CVE-2019-9513",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9513"
},
{
"name": "CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"name": "CVE-2024-38816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
},
{
"name": "CVE-2022-25858",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25858"
},
{
"name": "CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
},
{
"name": "CVE-2024-10979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10979"
},
{
"name": "CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"name": "CVE-2025-36185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36185"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
}
],
"initial_release_date": "2026-01-30T00:00:00",
"last_revision_date": "2026-01-30T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0109",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-30T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2026-01-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 5691194",
"url": "https://www.ibm.com/support/pages/node/5691194"
},
{
"published_at": "2026-01-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7258104",
"url": "https://www.ibm.com/support/pages/node/7258104"
},
{
"published_at": "2026-01-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7258234",
"url": "https://www.ibm.com/support/pages/node/7258234"
},
{
"published_at": "2026-01-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7258110",
"url": "https://www.ibm.com/support/pages/node/7258110"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257910",
"url": "https://www.ibm.com/support/pages/node/7257910"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257899",
"url": "https://www.ibm.com/support/pages/node/7257899"
},
{
"published_at": "2026-01-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7258042",
"url": "https://www.ibm.com/support/pages/node/7258042"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257904",
"url": "https://www.ibm.com/support/pages/node/7257904"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257903",
"url": "https://www.ibm.com/support/pages/node/7257903"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257901",
"url": "https://www.ibm.com/support/pages/node/7257901"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257898",
"url": "https://www.ibm.com/support/pages/node/7257898"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257900",
"url": "https://www.ibm.com/support/pages/node/7257900"
},
{
"published_at": "2026-01-25",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257978",
"url": "https://www.ibm.com/support/pages/node/7257978"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257902",
"url": "https://www.ibm.com/support/pages/node/7257902"
},
{
"published_at": "2026-01-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257519",
"url": "https://www.ibm.com/support/pages/node/7257519"
},
{
"published_at": "2026-01-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7258331",
"url": "https://www.ibm.com/support/pages/node/7258331"
},
{
"published_at": "2026-01-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257633",
"url": "https://www.ibm.com/support/pages/node/7257633"
},
{
"published_at": "2026-01-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7258232",
"url": "https://www.ibm.com/support/pages/node/7258232"
},
{
"published_at": "2026-01-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7258224",
"url": "https://www.ibm.com/support/pages/node/7258224"
},
{
"published_at": "2026-01-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257678",
"url": "https://www.ibm.com/support/pages/node/7257678"
}
]
}
CERTFR-2026-AVI-0118
Vulnerability from certfr_avis - Published: 2026-02-05 - Updated: 2026-02-05
De multiples vulnérabilités ont été découvertes dans les produits Splunk. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Splunk SOAR versions ant\u00e9rieures \u00e0 7.1.0",
"product": {
"name": "SOAR",
"vendor": {
"name": "Splunk",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-8715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8715"
},
{
"name": "CVE-2025-32873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32873"
},
{
"name": "CVE-2025-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9287"
},
{
"name": "CVE-2025-57810",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57810"
},
{
"name": "CVE-2025-8713",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8713"
},
{
"name": "CVE-2025-9288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9288"
},
{
"name": "CVE-2025-8714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8714"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2025-47287",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47287"
}
],
"initial_release_date": "2026-02-05T00:00:00",
"last_revision_date": "2026-02-05T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0118",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Splunk. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
"vendor_advisories": [
{
"published_at": "2026-02-04",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0201",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0201"
}
]
}
CERTFR-2025-AVI-0861
Vulnerability from certfr_avis - Published: 2025-10-10 - Updated: 2025-10-10
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.4.x antérieures à 6.4.0.4 |
| IBM | Db2 | DB2 Data Management Console on CPD versions 4.8.8 et 5.x antérieures à CPD 5.2.0 |
| IBM | Db2 | DB2 Data Management Console versions antérieures à 3.1.13.1 |
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.3.x antérieures à 6.3.0.15 |
| IBM | N/A | Db2 Intelligence Center versions 1.1.x antérieures à 1.1.2.0 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling Connect:Direct Web Services versions 6.4.x ant\u00e9rieures \u00e0 6.4.0.4",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console on CPD versions 4.8.8 et 5.x ant\u00e9rieures \u00e0 CPD 5.2.0",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console versions ant\u00e9rieures \u00e0 3.1.13.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.15",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Intelligence Center versions 1.1.x ant\u00e9rieures \u00e0 1.1.2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"name": "CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"name": "CVE-2024-22243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22243"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2025-57810",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57810"
},
{
"name": "CVE-2020-8565",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8565"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2019-11250",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11250"
},
{
"name": "CVE-2023-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
},
{
"name": "CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2024-22259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22259"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
}
],
"initial_release_date": "2025-10-10T00:00:00",
"last_revision_date": "2025-10-10T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0861",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7247430",
"url": "https://www.ibm.com/support/pages/node/7247430"
},
{
"published_at": "2025-10-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7247086",
"url": "https://www.ibm.com/support/pages/node/7247086"
},
{
"published_at": "2025-10-06",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7247188",
"url": "https://www.ibm.com/support/pages/node/7247188"
},
{
"published_at": "2025-10-07",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7247285",
"url": "https://www.ibm.com/support/pages/node/7247285"
},
{
"published_at": "2025-10-07",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7247283",
"url": "https://www.ibm.com/support/pages/node/7247283"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7247431",
"url": "https://www.ibm.com/support/pages/node/7247431"
}
]
}
CERTFR-2026-AVI-0109
Vulnerability from certfr_avis - Published: 2026-01-30 - Updated: 2026-01-30
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| IBM | QRadar | QRadar User Behavior Analytics versions antérieures à 5.1.0 |
| IBM | Tivoli | Tivoli Application Dependency Discovery Manager version 7.3.0 sans le dernier correctif de sécurité |
| IBM | Db2 | Db2 versions 12.1.x antérieures à 12.1.2 sans le correctif de sécurité #72296 |
| IBM | Db2 | DB2 Data Management Console versions 3.1.1x antérieures à 3.1.13.2 |
| IBM | WebSphere | WebSphere Application Server version 9.0 avec IBM SDK, Java Technology Edition Version 8 SR8 FP 60 |
| IBM | WebSphere | WebSphere Application Server version 8.5 avec IBM SDK, Java Technology Edition Version 8 SR8 FP 60 |
| IBM | Db2 | Db2 Big SQL on Cloud Pak for Data versions 7.8 sur Cloud Pak for Data 5.1 antérieures à 8.3 sur Cloud Pak for Data 5.3 |
| IBM | Db2 | Db2 versions 11.5.x antérieures à 11.5.9 sans le correctif de sécurité #66394 |
| IBM | Db2 | Db2 version 12.1.3 sans le correctif de sécurité #71609 |
| IBM | Db2 | Db2 Big SQL on Cloud Pak for Data versions 7.6 sur Cloud Pak for Data 4.8 antérieures à 8.3 sur Cloud Pak for Data 5.3 |
| IBM | Db2 | Db2 Big SQL on Cloud Pak for Data versions 8.2 sur Cloud Pak for Data 5.2 antérieures à 8.3 sur Cloud Pak for Data 5.3 |
| IBM | WebSphere | WebSphere Application Server Liberty versions 17.0.0.3 à 26.0.0.1 sans le correctif de sécurité PH69485 ou antérieures à 26.0.0.2 (disponibilité prévue pour le premier trimestre 2026) |
| IBM | QRadar SIEM | QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP14 IF04 |
| IBM | Db2 | Db2 Big SQL on Cloud Pak for Data versions 7.7 sur Cloud Pak for Data 5.0 antérieures à 8.3 sur Cloud Pak for Data 5.3 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QRadar User Behavior Analytics versions ant\u00e9rieures \u00e0 5.1.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Tivoli Application Dependency Discovery Manager version 7.3.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 versions 12.1.x ant\u00e9rieures \u00e0 12.1.2 sans le correctif de s\u00e9curit\u00e9 #72296",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console versions 3.1.1x ant\u00e9rieures \u00e0 3.1.13.2",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server version 9.0 avec IBM SDK, Java Technology Edition Version 8 SR8 FP 60",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server version 8.5 avec IBM SDK, Java Technology Edition Version 8 SR8 FP 60",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Big SQL on Cloud Pak for Data versions 7.8 sur Cloud Pak for Data 5.1 ant\u00e9rieures \u00e0 8.3 sur Cloud Pak for Data 5.3",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 versions 11.5.x ant\u00e9rieures \u00e0 11.5.9 sans le correctif de s\u00e9curit\u00e9 #66394",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 version 12.1.3 sans le correctif de s\u00e9curit\u00e9 #71609",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Big SQL on Cloud Pak for Data versions 7.6 sur Cloud Pak for Data 4.8 ant\u00e9rieures \u00e0 8.3 sur Cloud Pak for Data 5.3",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Big SQL on Cloud Pak for Data versions 8.2 sur Cloud Pak for Data 5.2 ant\u00e9rieures \u00e0 8.3 sur Cloud Pak for Data 5.3",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server Liberty versions 17.0.0.3 \u00e0 26.0.0.1 sans le correctif de s\u00e9curit\u00e9 PH69485 ou ant\u00e9rieures \u00e0 26.0.0.2 (disponibilit\u00e9 pr\u00e9vue pour le premier trimestre 2026)",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP14 IF04",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Big SQL on Cloud Pak for Data versions 7.7 sur Cloud Pak for Data 5.0 ant\u00e9rieures \u00e0 8.3 sur Cloud Pak for Data 5.3",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-2534",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2534"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2016-2193",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2193"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2022-2596",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2596"
},
{
"name": "CVE-2025-41234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41234"
},
{
"name": "CVE-2025-46762",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46762"
},
{
"name": "CVE-2025-36131",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36131"
},
{
"name": "CVE-2025-56200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-56200"
},
{
"name": "CVE-2024-37071",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37071"
},
{
"name": "CVE-2019-9515",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9515"
},
{
"name": "CVE-2025-36384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36384"
},
{
"name": "CVE-2024-47118",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47118"
},
{
"name": "CVE-2025-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36184"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2025-48050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48050"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2019-9514",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9514"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2024-13009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
},
{
"name": "CVE-2025-57810",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57810"
},
{
"name": "CVE-2024-41761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41761"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2026-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2025-36136",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36136"
},
{
"name": "CVE-2024-38809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38809"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2022-33987",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33987"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2024-10977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10977"
},
{
"name": "CVE-2025-36006",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36006"
},
{
"name": "CVE-2024-48949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48949"
},
{
"name": "CVE-2025-36186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36186"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2025-12758",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12758"
},
{
"name": "CVE-2025-6493",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6493"
},
{
"name": "CVE-2025-33012",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33012"
},
{
"name": "CVE-2024-48948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48948"
},
{
"name": "CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"name": "CVE-2024-7348",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7348"
},
{
"name": "CVE-2022-37601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
},
{
"name": "CVE-2025-25977",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25977"
},
{
"name": "CVE-2024-10976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10976"
},
{
"name": "CVE-2025-11083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11083"
},
{
"name": "CVE-2024-6763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
},
{
"name": "CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"name": "CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"name": "CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2025-54313",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54313"
},
{
"name": "CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"name": "CVE-2025-58457",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58457"
},
{
"name": "CVE-2025-66221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66221"
},
{
"name": "CVE-2022-22968",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22968"
},
{
"name": "CVE-2025-39697",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39697"
},
{
"name": "CVE-2025-29907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29907"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2025-9086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
},
{
"name": "CVE-2024-41762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41762"
},
{
"name": "CVE-2021-23413",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23413"
},
{
"name": "CVE-2025-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
},
{
"name": "CVE-2025-39971",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39971"
},
{
"name": "CVE-2019-9517",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9517"
},
{
"name": "CVE-2022-41721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41721"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2022-25881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
},
{
"name": "CVE-2024-38828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38828"
},
{
"name": "CVE-2024-57965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57965"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2024-10978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10978"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2026-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2023-2455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2455"
},
{
"name": "CVE-2024-40679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40679"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2019-9518",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9518"
},
{
"name": "CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"name": "CVE-2025-14914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14914"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2024-47072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47072"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2025-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
},
{
"name": "CVE-2022-37599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37599"
},
{
"name": "CVE-2023-26136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
},
{
"name": "CVE-2019-9512",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9512"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2024-45663",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45663"
},
{
"name": "CVE-2025-33134",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33134"
},
{
"name": "CVE-2019-9513",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9513"
},
{
"name": "CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"name": "CVE-2024-38816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
},
{
"name": "CVE-2022-25858",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25858"
},
{
"name": "CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
},
{
"name": "CVE-2024-10979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10979"
},
{
"name": "CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"name": "CVE-2025-36185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36185"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
}
],
"initial_release_date": "2026-01-30T00:00:00",
"last_revision_date": "2026-01-30T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0109",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-30T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2026-01-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 5691194",
"url": "https://www.ibm.com/support/pages/node/5691194"
},
{
"published_at": "2026-01-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7258104",
"url": "https://www.ibm.com/support/pages/node/7258104"
},
{
"published_at": "2026-01-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7258234",
"url": "https://www.ibm.com/support/pages/node/7258234"
},
{
"published_at": "2026-01-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7258110",
"url": "https://www.ibm.com/support/pages/node/7258110"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257910",
"url": "https://www.ibm.com/support/pages/node/7257910"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257899",
"url": "https://www.ibm.com/support/pages/node/7257899"
},
{
"published_at": "2026-01-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7258042",
"url": "https://www.ibm.com/support/pages/node/7258042"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257904",
"url": "https://www.ibm.com/support/pages/node/7257904"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257903",
"url": "https://www.ibm.com/support/pages/node/7257903"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257901",
"url": "https://www.ibm.com/support/pages/node/7257901"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257898",
"url": "https://www.ibm.com/support/pages/node/7257898"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257900",
"url": "https://www.ibm.com/support/pages/node/7257900"
},
{
"published_at": "2026-01-25",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257978",
"url": "https://www.ibm.com/support/pages/node/7257978"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257902",
"url": "https://www.ibm.com/support/pages/node/7257902"
},
{
"published_at": "2026-01-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257519",
"url": "https://www.ibm.com/support/pages/node/7257519"
},
{
"published_at": "2026-01-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7258331",
"url": "https://www.ibm.com/support/pages/node/7258331"
},
{
"published_at": "2026-01-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257633",
"url": "https://www.ibm.com/support/pages/node/7257633"
},
{
"published_at": "2026-01-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7258232",
"url": "https://www.ibm.com/support/pages/node/7258232"
},
{
"published_at": "2026-01-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7258224",
"url": "https://www.ibm.com/support/pages/node/7258224"
},
{
"published_at": "2026-01-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257678",
"url": "https://www.ibm.com/support/pages/node/7257678"
}
]
}
CERTFR-2025-AVI-0861
Vulnerability from certfr_avis - Published: 2025-10-10 - Updated: 2025-10-10
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.4.x antérieures à 6.4.0.4 |
| IBM | Db2 | DB2 Data Management Console on CPD versions 4.8.8 et 5.x antérieures à CPD 5.2.0 |
| IBM | Db2 | DB2 Data Management Console versions antérieures à 3.1.13.1 |
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.3.x antérieures à 6.3.0.15 |
| IBM | N/A | Db2 Intelligence Center versions 1.1.x antérieures à 1.1.2.0 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling Connect:Direct Web Services versions 6.4.x ant\u00e9rieures \u00e0 6.4.0.4",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console on CPD versions 4.8.8 et 5.x ant\u00e9rieures \u00e0 CPD 5.2.0",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console versions ant\u00e9rieures \u00e0 3.1.13.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.15",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Intelligence Center versions 1.1.x ant\u00e9rieures \u00e0 1.1.2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"name": "CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"name": "CVE-2024-22243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22243"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2025-57810",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57810"
},
{
"name": "CVE-2020-8565",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8565"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2019-11250",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11250"
},
{
"name": "CVE-2023-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
},
{
"name": "CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2024-22259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22259"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
}
],
"initial_release_date": "2025-10-10T00:00:00",
"last_revision_date": "2025-10-10T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0861",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7247430",
"url": "https://www.ibm.com/support/pages/node/7247430"
},
{
"published_at": "2025-10-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7247086",
"url": "https://www.ibm.com/support/pages/node/7247086"
},
{
"published_at": "2025-10-06",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7247188",
"url": "https://www.ibm.com/support/pages/node/7247188"
},
{
"published_at": "2025-10-07",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7247285",
"url": "https://www.ibm.com/support/pages/node/7247285"
},
{
"published_at": "2025-10-07",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7247283",
"url": "https://www.ibm.com/support/pages/node/7247283"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7247431",
"url": "https://www.ibm.com/support/pages/node/7247431"
}
]
}
CERTFR-2026-AVI-0118
Vulnerability from certfr_avis - Published: 2026-02-05 - Updated: 2026-02-05
De multiples vulnérabilités ont été découvertes dans les produits Splunk. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Splunk SOAR versions ant\u00e9rieures \u00e0 7.1.0",
"product": {
"name": "SOAR",
"vendor": {
"name": "Splunk",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-8715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8715"
},
{
"name": "CVE-2025-32873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32873"
},
{
"name": "CVE-2025-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9287"
},
{
"name": "CVE-2025-57810",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57810"
},
{
"name": "CVE-2025-8713",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8713"
},
{
"name": "CVE-2025-9288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9288"
},
{
"name": "CVE-2025-8714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8714"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2025-47287",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47287"
}
],
"initial_release_date": "2026-02-05T00:00:00",
"last_revision_date": "2026-02-05T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0118",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Splunk. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
"vendor_advisories": [
{
"published_at": "2026-02-04",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0201",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0201"
}
]
}
BDU:2025-11395
Vulnerability from fstec - Published: 26.08.2025
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CVSS 4.0": "AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Parallax Agency Ltd, \u0410\u041e \u00ab\u042d\u043a\u0437\u043e\u0441\u043e\u0444\u0442\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 3.0.2 (jsPDF), \u0434\u043e 6.2.2025.10.1 (VMmanager 6)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://github.com/parallax/jsPDF/commit/4cf3ab619e565d9b88b4b130bff901b91d8688e9\nhttps://github.com/parallax/jsPDF/releases/tag/v3.0.2\n\n\u0414\u043b\u044f VMmanager 6: \n\u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f Vmmanager 6 6.2.2025.10.1, \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u043c\u043e\u0433\u043e \u0432 \u043b\u0438\u0447\u043d\u043e\u043c \u043a\u0430\u0431\u0438\u043d\u0435\u0442\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f https://lk.astra.ru/ (https://wiki.astralinux.ru/x/ziLoD)",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "26.08.2025",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "09.02.2026",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "22.09.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-11395",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-57810",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043d\u043e\u0433\u043e\u0444\u0430\u043a\u0442\u043e\u0440\u043d\u0430\u044f",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "jsPDF, VMmanager 6 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21169662)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0435\u0442\u043e\u0434\u0430 addImage \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f PDF-\u0444\u0430\u0439\u043b\u043e\u0432 jsPDF, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20), \u041d\u0435\u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u043e\u0435 \u0440\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432 \u0438\u043b\u0438 \u0434\u0440\u043e\u0441\u0441\u0435\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 (CWE-770)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0435\u0442\u043e\u0434\u0430 addImage \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f PDF-\u0444\u0430\u0439\u043b\u043e\u0432 jsPDF \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u043c \u0440\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u0435\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c: \u0410\u043b\u0435\u043a\u0441\u0435\u0439 \u0421\u043e\u043b\u043e\u0432\u044c\u0435\u0432 (Positive Technologies)",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432, \u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/parallax/jsPDF/releases/tag/v3.0.2\nhttps://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw\nhttps://github.com/parallax/jsPDF/pull/3880\nhttps://lk.astra.ru/\nhttps://wiki.astralinux.ru/x/ziLoD",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20, CWE-770",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 4.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,7)"
}
RHSA-2026:6226
Vulnerability from csaf_redhat - Published: 2026-03-31 02:53 - Updated: 2026-04-12 17:10
A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.
An excessive resource consumption flaw has been discovered in the jsPDF npm library. Passing a maliciously crafted PNG file to the library may result in high CPU usage and a denial of service of the program the library is being used in.
A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.
A denial of service flaw has been discovered in the Axios npm package. When Axios runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response. This path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested responseType: 'stream'.
A symlink validation bypass flaw has been discovered in the npm tar-fs library. Affected versions are vulnerable to a symlink validation bypass if the destination directory is predictable with a specific tarball.
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
A flaw was found in nats-server. The WebSockets implementation fails to enforce a memory allocation limit during the decompression of WebSocket messages. A malicious compressed payload allows an attacker to cause an excessive memory consumption, eventually resulting in a server crash and a complete denial of service.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Multicluster Global Hub v1.6.2 general availability release images, which provide security fixes, bug fixes, and updated container images.\n\nRed Hat Product Security has rated this update as having a security impact of Important. \nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat multicluster global hub is a set of components that enable you to import one or more hub clusters and manage them from a single hub cluster.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:6226",
"url": "https://access.redhat.com/errata/RHSA-2026:6226"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47907",
"url": "https://access.redhat.com/security/cve/CVE-2025-47907"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-57810",
"url": "https://access.redhat.com/security/cve/CVE-2025-57810"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58183",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58754",
"url": "https://access.redhat.com/security/cve/CVE-2025-58754"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59343",
"url": "https://access.redhat.com/security/cve/CVE-2025-59343"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27571",
"url": "https://access.redhat.com/security/cve/CVE-2026-27571"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_6226.json"
}
],
"title": "Red Hat Security Advisory: Multicluster Global Hub 1.6.2 security update",
"tracking": {
"current_release_date": "2026-04-12T17:10:47+00:00",
"generator": {
"date": "2026-04-12T17:10:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.5"
}
},
"id": "RHSA-2026:6226",
"initial_release_date": "2026-03-31T02:53:32+00:00",
"revision_history": [
{
"date": "2026-03-31T02:53:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-31T02:53:38+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-12T17:10:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Multicluster Global Hub 1.6.2",
"product": {
"name": "Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:multicluster_globalhub:1.6::el9"
}
}
}
],
"category": "product_family",
"name": "Multicluster Global Hub"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3Ab7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773650060"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3Af244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774245790"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3A4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774245716"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-operator-bundle@sha256%3A9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774364330"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3Ad4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774362315"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3A9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773649712"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3A3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773650060"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3A4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774245790"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3A2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774245716"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3Ab59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774362315"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3A239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773649712"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3A437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773650060"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3A7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774245790"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3Acbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774245716"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3Ab5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774362315"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3A39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773649712"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3A035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773650060"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3A4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774245790"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3A78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774245716"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3A48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774362315"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3Abe5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773649712"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47907",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"discovery_date": "2025-08-07T16:01:06.247481+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2387083"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "database/sql: Postgres Scan Race Condition",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is marked as a Moderate severity issue rather than Important. The os/exec LookPath flaw requires a misconfigured PATH to be exploitable, and the database/sql race condition primarily impacts applications that cancel queries while running multiple queries concurrently. Both can cause unexpected behavior, but the exploitation scope is limited and unlikely to result in direct compromise in most typical deployments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47907"
},
{
"category": "external",
"summary": "RHBZ#2387083",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387083"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907"
},
{
"category": "external",
"summary": "https://go.dev/cl/693735",
"url": "https://go.dev/cl/693735"
},
{
"category": "external",
"summary": "https://go.dev/issue/74831",
"url": "https://go.dev/issue/74831"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM",
"url": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3849",
"url": "https://pkg.go.dev/vuln/GO-2025-3849"
}
],
"release_date": "2025-08-07T15:25:30.704000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-31T02:53:32+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "database/sql: Postgres Scan Race Condition"
},
{
"cve": "CVE-2025-57810",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-08-26T16:01:25.508363+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2391077"
}
],
"notes": [
{
"category": "description",
"text": "An excessive resource consumption flaw has been discovered in the jsPDF npm library. Passing a maliciously crafted PNG file to the library may result in high CPU usage and a denial of service of the program the library is being used in.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jspdf: jsPDF Denial of Service (DoS)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The availability impact of this flaw is limited on Red Hat systems as the host operating system is not at risk of degradation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-57810"
},
{
"category": "external",
"summary": "RHBZ#2391077",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391077"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-57810",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57810"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-57810",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57810"
},
{
"category": "external",
"summary": "https://github.com/parallax/jsPDF/commit/4cf3ab619e565d9b88b4b130bff901b91d8688e9",
"url": "https://github.com/parallax/jsPDF/commit/4cf3ab619e565d9b88b4b130bff901b91d8688e9"
},
{
"category": "external",
"summary": "https://github.com/parallax/jsPDF/pull/3880",
"url": "https://github.com/parallax/jsPDF/pull/3880"
},
{
"category": "external",
"summary": "https://github.com/parallax/jsPDF/releases/tag/v3.0.2",
"url": "https://github.com/parallax/jsPDF/releases/tag/v3.0.2"
},
{
"category": "external",
"summary": "https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw",
"url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw"
}
],
"release_date": "2025-08-26T15:37:28.071000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-31T02:53:32+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6226"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jspdf: jsPDF Denial of Service (DoS)"
},
{
"cve": "CVE-2025-58183",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:50.573951+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407258"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to get an application that uses the archive/tar package to process a specially crafted GNU tar pax 1.0 archive. Additionally, this issue can cause the Go application to allocate a large amount of memory, eventually leading to an out-of-memory condition and resulting in a denial of service, with no other security impact. For these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "RHBZ#2407258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407258"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://go.dev/cl/709861",
"url": "https://go.dev/cl/709861"
},
{
"category": "external",
"summary": "https://go.dev/issue/75677",
"url": "https://go.dev/issue/75677"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4014",
"url": "https://pkg.go.dev/vuln/GO-2025-4014"
}
],
"release_date": "2025-10-29T22:10:14.376000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-31T02:53:32+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6226"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map"
},
{
"cve": "CVE-2025-58754",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-12T02:00:53.897605+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2394735"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. When Axios runs on Node.js and is given a URL with the `data:` scheme, it does not make an HTTP request. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response.\nThis path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested `responseType: \u0027stream\u0027`.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios DoS via lack of data size check",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Availability impact is limited to the application which bundles axios and not the host Red Hat system.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58754"
},
{
"category": "external",
"summary": "RHBZ#2394735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58754",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58754"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593",
"url": "https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/pull/7011",
"url": "https://github.com/axios/axios/pull/7011"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.12.0",
"url": "https://github.com/axios/axios/releases/tag/v1.12.0"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj",
"url": "https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj"
}
],
"release_date": "2025-09-12T01:16:40.513000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-31T02:53:32+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6226"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "axios: Axios DoS via lack of data size check"
},
{
"cve": "CVE-2025-59343",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-09-24T18:01:19.612438+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2397901"
}
],
"notes": [
{
"category": "description",
"text": "A symlink validation bypass flaw has been discovered in the npm tar-fs library. Affected versions are vulnerable to a symlink validation bypass with a specific tarball if the destination directory is predictable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tar-fs: tar-fs symlink validation bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59343"
},
{
"category": "external",
"summary": "RHBZ#2397901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397901"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59343",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59343"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59343",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59343"
},
{
"category": "external",
"summary": "https://github.com/mafintosh/tar-fs/commit/0bd54cdf06da2b7b5b95cd4b062c9f4e0a8c4e09",
"url": "https://github.com/mafintosh/tar-fs/commit/0bd54cdf06da2b7b5b95cd4b062c9f4e0a8c4e09"
},
{
"category": "external",
"summary": "https://github.com/mafintosh/tar-fs/security/advisories/GHSA-vj76-c3g6-qr5v",
"url": "https://github.com/mafintosh/tar-fs/security/advisories/GHSA-vj76-c3g6-qr5v"
}
],
"release_date": "2025-09-24T17:43:34.728000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-31T02:53:32+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6226"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tar-fs: tar-fs symlink validation bypass"
},
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. For this reason, this vulnerability has been rated as Important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-31T02:53:32+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6226"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to get a malicious zip archive processed by an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. For these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-31T02:53:32+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6226"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate. When the error string for that certificate is constructed in the `HostnameError.Error()` function, unbounded string concatenation leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-31T02:53:32+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-31T02:53:32+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-27571",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-02-24T17:04:11.684134+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442401"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nats-server. The WebSockets implementation fails to enforce a memory allocation limit during the decompression of WebSocket messages. A malicious compressed payload allows an attacker to cause an excessive memory consumption, eventually resulting in a server crash and a complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nats-server: WebSockets pre-auth memory DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw does not require valid NATS credentials to be exploited as the use of compression is negotiated before the authentication process. However, only deployments using WebSockets and that are exposed to untrusted network endpoints are vulnerable to this issue, limiting its exposure. Due to these reasons, this issue has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27571"
},
{
"category": "external",
"summary": "RHBZ#2442401",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442401"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27571",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27571"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27571",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27571"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/commit/f77fb7c4535e6727cc1a2899cd8e6bbdd8ba2017",
"url": "https://github.com/nats-io/nats-server/commit/f77fb7c4535e6727cc1a2899cd8e6bbdd8ba2017"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/releases/tag/v2.11.12",
"url": "https://github.com/nats-io/nats-server/releases/tag/v2.11.12"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/releases/tag/v2.12.3",
"url": "https://github.com/nats-io/nats-server/releases/tag/v2.12.3"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-qrvq-68c2-7grw",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-qrvq-68c2-7grw"
}
],
"release_date": "2026-02-24T15:59:17.926000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-31T02:53:32+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6226"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nats-server: WebSockets pre-auth memory DoS"
}
]
}
GHSA-8MVJ-3J78-4QMW
Vulnerability from github – Published: 2025-08-26 16:19 – Updated: 2025-09-10 21:07
Impact
User control of the first argument of the addImage method results in CPU utilization and denial of service.
If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of service.
Other affected methods are: html.
Example payload:
import { jsPDF } from "jspdf"
// Reproduction case from the advisory: it times one addImage call on a
// malformed image buffer. Per the Patches section, jspdf >= 3.0.2 throws an
// Error for invalid PNG data instead of running a very long loop, so this
// doubles as a regression check after upgrading.
// Nine bytes declared as "PNG" below; they do not begin with the PNG file signature.
const payload = new Uint8Array([117, 171, 90, 253, 166, 154, 105, 166, 154])
const doc = new jsPDF();
// Start the clock immediately before the call under test.
const startTime = performance.now();
try {
// The first argument is the attacker-influenced value the advisory refers to.
doc.addImage(payload, "PNG", 10, 40, 180, 180, undefined, "SLOW");
} finally {
// finally runs whether addImage returns or throws, so the elapsed time is
// always logged; there is no catch, so a thrown Error still propagates.
const endTime = performance.now();
console.log(`Call to doc.addImage took ${endTime - startTime} milliseconds`);
}
Patches
The vulnerability was fixed in jsPDF 3.0.2. Upgrade to jspdf@>=3.0.2.
In jspdf@>=3.0.2, invalid PNG files throw an Error instead of causing very long running loops.
Workarounds
Sanitize image data or URLs before passing them to the addImage method or one of the other affected methods.
Credits
Researcher: Aleksey Solovev (Positive Technologies)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.0.1"
},
"package": {
"ecosystem": "npm",
"name": "jspdf"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-57810"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2025-08-26T16:19:04Z",
"nvd_published_at": "2025-08-26T16:15:37Z",
"severity": "HIGH"
},
"details": "### Impact\nUser control of the first argument of the addImage method results in CPU utilization and denial of service.\n\nIf given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of service.\n\nOther affected methods are: `html`.\n\nExample payload:\n\n```js\nimport { jsPDF } from \"jspdf\" \n\nconst payload = new Uint8Array([117, 171, 90, 253, 166, 154, 105, 166, 154])\n\nconst doc = new jsPDF();\nconst startTime = performance.now();\ntry {\n doc.addImage(payload, \"PNG\", 10, 40, 180, 180, undefined, \"SLOW\");\n} finally {\n const endTime = performance.now();\n console.log(`Call to doc.addImage took ${endTime - startTime} milliseconds`);\n}\n```\n\n### Patches\nThe vulnerability was fixed in jsPDF 3.0.2. Upgrade to jspdf@\u003e=3.0.2.\n\nIn jspdf@\u003e=3.0.2, invalid PNG files throw an Error instead of causing very long running loops.\n\n### Workarounds\nSanitize image data or URLs before passing it to the addImage method or one of the other affected methods.\n\n### Credits\nResearcher: Aleksey Solovev (Positive Technologies)",
"id": "GHSA-8mvj-3j78-4qmw",
"modified": "2025-09-10T21:07:04Z",
"published": "2025-08-26T16:19:04Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57810"
},
{
"type": "WEB",
"url": "https://github.com/parallax/jsPDF/pull/3880"
},
{
"type": "WEB",
"url": "https://github.com/parallax/jsPDF/commit/4cf3ab619e565d9b88b4b130bff901b91d8688e9"
},
{
"type": "PACKAGE",
"url": "https://github.com/parallax/jsPDF"
},
{
"type": "WEB",
"url": "https://github.com/parallax/jsPDF/releases/tag/v3.0.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "jsPDF Denial of Service (DoS)"
}
FKIE_CVE-2025-57810
Vulnerability from fkie_nvd - Published: 2025-08-26 16:15 - Updated: 2025-09-09 18:56
| Source | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/parallax/jsPDF/commit/4cf3ab619e565d9b88b4b130bff901b91d8688e9 | Patch | |
| security-advisories@github.com | https://github.com/parallax/jsPDF/pull/3880 | Issue Tracking | |
| security-advisories@github.com | https://github.com/parallax/jsPDF/releases/tag/v3.0.2 | Release Notes | |
| security-advisories@github.com | https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw | Exploit, Vendor Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw | Exploit, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:parall:jspdf:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "BF3183E6-8532-49EF-89D6-3F8C80072A34",
"versionEndExcluding": "3.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of service. The vulnerability was fixed in jsPDF 3.0.2."
},
{
"lang": "es",
"value": "jsPDF es una librer\u00eda para generar archivos PDF en JavaScript. Antes de la versi\u00f3n 3.0.2, el control del usuario sobre el primer argumento del m\u00e9todo addImage provocaba un alto consumo de CPU y una denegaci\u00f3n de servicio. Si se le permit\u00eda pasar datos de imagen o URL no depuradas al m\u00e9todo addImage, un usuario pod\u00eda proporcionar un archivo PNG da\u00f1ino que provocaba un alto consumo de CPU y una denegaci\u00f3n de servicio. Esta vulnerabilidad se corrigi\u00f3 en jsPDF 3.0.2."
}
],
"id": "CVE-2025-57810",
"lastModified": "2025-09-09T18:56:24.770",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-08-26T16:15:37.827",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/parallax/jsPDF/commit/4cf3ab619e565d9b88b4b130bff901b91d8688e9"
},
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/parallax/jsPDF/pull/3880"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/parallax/jsPDF/releases/tag/v3.0.2"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.