Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-10143 (GCVE-0-2026-10143)
Vulnerability from cvelistv5 – Published: 2026-06-10 20:22 – Updated: 2026-07-17 12:04| URL | Tags |
|---|---|
| https://github.com/dpkp/kafka-python/pull/3019 | issue-tracking |
| https://github.com/dpkp/kafka-python/commit/6e483… | patch |
| https://github.com/dpkp/kafka-python/pull/3026 | issue-tracking |
| https://www.vulncheck.com/advisories/kafka-python… | third-party-advisory |
| https://access.redhat.com/security/cve/CVE-2026-10143 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2487722 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| https://access.redhat.com/errata/RHSA-2026:33683 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:30076 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:41066 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:28571 | vendor-advisoryx_refsource_REDHAT |
| Vendor | Product | Version | |
|---|---|---|---|
| Dana Powers | kafka-python |
Affected:
0 , < 2.3.2
(git)
|
|
| Red Hat | Red Hat Quay 3.10 |
Unaffected:
1782487717 , < *
(rpm)
cpe:/a:redhat:quay:3.10::el8 |
|
| Red Hat | Red Hat Quay 3.12 |
Unaffected:
1781937357 , < *
(rpm)
cpe:/a:redhat:quay:3.12::el8 |
|
| Red Hat | Red Hat Quay 3.16 |
Unaffected:
1783955846 , < *
(rpm)
cpe:/a:redhat:quay:3.16::el9 |
|
| Red Hat | Red Hat Quay 3.9 |
Unaffected:
1781878070 , < *
(rpm)
cpe:/a:redhat:quay:3.9::el8 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10143",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-11T13:10:04.299411Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-11T13:24:52.138Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:quay:3.10::el8"
],
"defaultStatus": "affected",
"packageName": "quay/quay-rhel8",
"product": "Red Hat Quay 3.10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1782487717",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:quay:3.12::el8"
],
"defaultStatus": "affected",
"packageName": "quay/quay-rhel8",
"product": "Red Hat Quay 3.12",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1781937357",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:quay:3.16::el9"
],
"defaultStatus": "affected",
"packageName": "quay/quay-rhel9",
"product": "Red Hat Quay 3.16",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1783955846",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:quay:3.9::el8"
],
"defaultStatus": "affected",
"packageName": "quay/quay-rhel8",
"product": "Red Hat Quay 3.9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1781878070",
"versionType": "rpm"
}
]
}
],
"datePublic": "2026-06-10T20:22:39.262Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in kafka-python. A malicious or machine-in-the-middle broker could exploit a denial-of-service vulnerability during SCRAM authentication. By providing an excessively large iteration count, the broker can cause the client\u0027s event loop to freeze. This prevents critical operations such as sending messages, polling for new messages, and maintaining heartbeats, ultimately leading to consumer group eviction and persistent connection failures."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-606",
"description": "Unchecked Input for Loop Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-17T12:04:41.966Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-10143"
},
{
"name": "RHBZ#2487722",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487722"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-10143.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33683"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30076"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:41066"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28571"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:33683: Red Hat Quay 3.10"
},
{
"lang": "en",
"value": "RHSA-2026:30076: Red Hat Quay 3.12"
},
{
"lang": "en",
"value": "RHSA-2026:41066: Red Hat Quay 3.16"
},
{
"lang": "en",
"value": "RHSA-2026:28571: Red Hat Quay 3.9"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-10T21:02:14.712Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-06-10T20:22:39.262Z",
"value": "Made public."
}
],
"title": "kafka-python: kafka-python: Denial of Service via excessive SCRAM authentication iteration count",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/dpkp/kafka-python",
"defaultStatus": "unknown",
"product": "kafka-python",
"vendor": "Dana Powers",
"versions": [
{
"lessThan": "2.3.2",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dpkp:kafka-python:*:*:*:*:*:python:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Katriel Moses"
}
],
"datePublic": "2026-06-10T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ekafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-middle broker to freeze the client event loop by supplying an excessively large iteration count. In scram.py, ScramClient.process_server_first_message() passes the broker-controlled SCRAM iteration count directly to hashlib.pbkdf2_hmac() without validation, blocking producer sends, consumer polls, admin operations, and heartbeats, which can cause consumer group eviction and repeated reconnect failures.\u003c/p\u003e"
}
],
"value": "kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-middle broker to freeze the client event loop by supplying an excessively large iteration count. In scram.py, ScramClient.process_server_first_message() passes the broker-controlled SCRAM iteration count directly to hashlib.pbkdf2_hmac() without validation, blocking producer sends, consumer polls, admin operations, and heartbeats, which can cause consumer group eviction and repeated reconnect failures."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T15:53:04.070Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/dpkp/kafka-python/pull/3019"
},
{
"tags": [
"patch"
],
"url": "https://github.com/dpkp/kafka-python/commit/6e4831444f972d169cdd11f5c8d50333cea3f19b"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/dpkp/kafka-python/pull/3026"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/kafka-python-prior-to-dos-via-scram-iteration-count-in-scram-py"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "kafka-python prior to 2.3.2 DoS via SCRAM Iteration Count in scram.py"
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-10143",
"datePublished": "2026-06-10T20:22:39.262Z",
"dateReserved": "2026-05-29T21:38:34.147Z",
"dateUpdated": "2026-07-17T12:04:41.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-10143",
"date": "2026-07-19",
"epss": "0.00517",
"percentile": "0.40553"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-10143\",\"sourceIdentifier\":\"disclosure@vulncheck.com\",\"published\":\"2026-06-10T22:16:55.503\",\"lastModified\":\"2026-07-17T13:17:53.833\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-middle broker to freeze the client event loop by supplying an excessively large iteration count. In scram.py, ScramClient.process_server_first_message() passes the broker-controlled SCRAM iteration count directly to hashlib.pbkdf2_hmac() without validation, blocking producer sends, consumer polls, admin operations, and heartbeats, which can cause consumer group eviction and repeated reconnect failures.\"}],\"affected\":[{\"source\":\"disclosure@vulncheck.com\",\"affectedData\":[{\"vendor\":\"Dana Powers\",\"product\":\"kafka-python\",\"defaultStatus\":\"unknown\",\"collectionURL\":\"https://github.com/dpkp/kafka-python\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"2.3.2\",\"versionType\":\"git\",\"status\":\"affected\"}]}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"affectedData\":[{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.10\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://catalog.redhat.com/software/containers/\",\"packageName\":\"quay/quay-rhel8\",\"cpes\":[\"cpe:/a:redhat:quay:3.10::el8\"],\"versions\":[{\"version\":\"1782487717\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.12\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://catalog.redhat.com/software/containers/\",\"packageName\":\"quay/quay-rhel8\",\"cpes\":[\"cpe:/a:redhat:quay:3.12::el8\"],\"versions\":[{\"version\":\"1781937357\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.16\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://catalog.redhat.com/software/containers/\",\"packageName\":\"quay/quay-rhel9\",\"cpes\":[\"cpe:/a:redhat:quay:3.16::el9\"],\"versions\":[{\"version\":\"1783955846\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.9\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://catalog.redhat.com/software/containers/\",\"packageName\":\"quay/quay-rhel8\",\"cpes\":[\"cpe:/a:redhat:quay:3.9::el8\"],\"versions\":[{\"version\":\"1781878070\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-06-11T13:10:04.299411Z\",\"id\":\"CVE-2026-10143\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-606\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dpkp:kafka-python:*:*:*:*:*:python:*:*\",\"versionEndExcluding\":\"2.3.2\",\"matchCriteriaId\":\"6E5BAD52-2501-4C08-AFC6-8958B4974860\"}]}]}],\"references\":[{\"url\":\"https://github.com/dpkp/kafka-python/commit/6e4831444f972d169cdd11f5c8d50333cea3f19b\",\"source\":\"disclosure@vulncheck.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/dpkp/kafka-python/pull/3019\",\"source\":\"disclosure@vulncheck.com\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/dpkp/kafka-python/pull/3026\",\"source\":\"disclosure@vulncheck.com\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://www.vulncheck.com/advisories/kafka-python-prior-to-dos-via-scram-iteration-count-in-scram-py\",\"source\":\"disclosure@vulncheck.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28571\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:30076\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:33683\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:41066\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2026-10143\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2487722\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-10143.json\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"}]}}",
"redhat_vex": {
"aggregate_severity": "Important",
"current_release_date": "2026-07-18T22:11:39+00:00",
"cve": "CVE-2026-10143",
"id": "CVE-2026-10143",
"initial_release_date": "2026-06-10T20:22:39.262000+00:00",
"product_status:fixed": "14",
"product_status:known_not_affected": "81",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "kafka-python: kafka-python: Denial of Service via excessive SCRAM authentication iteration count",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-10143.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"kafka-python: kafka-python: Denial of Service via excessive SCRAM authentication iteration count\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"cpes\": [\"cpe:/a:redhat:quay:3.10::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3.10\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1782487717\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"quay/quay-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3.12::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3.12\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1781937357\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"quay/quay-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3.16::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3.16\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1783955846\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"quay/quay-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3.9::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3.9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1781878070\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"quay/quay-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-06-10T21:02:14.712Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2026-06-10T20:22:39.262Z\", \"value\": \"Made public.\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"RHSA-2026:33683: Red Hat Quay 3.10\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:30076: Red Hat Quay 3.12\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:41066: Red Hat Quay 3.16\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:28571: Red Hat Quay 3.9\"}], \"x_adpType\": \"supplier\", \"datePublic\": \"2026-06-10T20:22:39.262Z\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2026-10143\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2487722\", \"name\": \"RHBZ#2487722\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-10143.json\", \"tags\": [\"x_sadp-csaf-vex\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:33683\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:30076\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:41066\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:28571\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\"}], \"x_generator\": {\"engine\": \"sadp-cli 1.0.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in kafka-python. A malicious or machine-in-the-middle broker could exploit a denial-of-service vulnerability during SCRAM authentication. By providing an excessively large iteration count, the broker can cause the client\u0027s event loop to freeze. This prevents critical operations such as sending messages, polling for new messages, and maintaining heartbeats, ultimately leading to consumer group eviction and persistent connection failures.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-606\", \"description\": \"Unchecked Input for Loop Condition\"}]}], \"providerMetadata\": {\"orgId\": \"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\", \"shortName\": \"redhat-SADP\", \"dateUpdated\": \"2026-07-17T12:04:41.966Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-10143\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-11T13:10:04.299411Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-11T13:22:30.326Z\"}}], \"cna\": {\"title\": \"kafka-python prior to 2.3.2 DoS via SCRAM Iteration Count in scram.py\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Katriel Moses\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 8.7, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Dana Powers\", \"product\": \"kafka-python\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.3.2\", \"versionType\": \"git\"}], \"collectionURL\": \"https://github.com/dpkp/kafka-python\", \"defaultStatus\": \"unknown\"}], \"datePublic\": \"2026-06-10T20:00:00.000Z\", \"references\": [{\"url\": \"https://github.com/dpkp/kafka-python/pull/3019\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://github.com/dpkp/kafka-python/commit/6e4831444f972d169cdd11f5c8d50333cea3f19b\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/dpkp/kafka-python/pull/3026\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://www.vulncheck.com/advisories/kafka-python-prior-to-dos-via-scram-iteration-count-in-scram-py\", \"tags\": [\"third-party-advisory\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-middle broker to freeze the client event loop by supplying an excessively large iteration count. In scram.py, ScramClient.process_server_first_message() passes the broker-controlled SCRAM iteration count directly to hashlib.pbkdf2_hmac() without validation, blocking producer sends, consumer polls, admin operations, and heartbeats, which can cause consumer group eviction and repeated reconnect failures.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003ekafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-middle broker to freeze the client event loop by supplying an excessively large iteration count. In scram.py, ScramClient.process_server_first_message() passes the broker-controlled SCRAM iteration count directly to hashlib.pbkdf2_hmac() without validation, blocking producer sends, consumer polls, admin operations, and heartbeats, which can cause consumer group eviction and repeated reconnect failures.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400 Uncontrolled Resource Consumption\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:dpkp:kafka-python:*:*:*:*:*:python:*:*\", \"vulnerable\": true}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"shortName\": \"VulnCheck\", \"dateUpdated\": \"2026-07-14T15:53:04.070Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-10143\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-17T12:04:41.966Z\", \"dateReserved\": \"2026-05-29T21:38:34.147Z\", \"assignerOrgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"datePublished\": \"2026-06-10T20:22:39.262Z\", \"assignerShortName\": \"VulnCheck\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-10143
Vulnerability from fkie_nvd - Published: 2026-06-10 22:16 - Updated: 2026-07-17 13:177.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
| Vendor | Product | Version | |
|---|---|---|---|
| dpkp | kafka-python | * |
{
"affected": [
{
"affectedData": [
{
"collectionURL": "https://github.com/dpkp/kafka-python",
"defaultStatus": "unknown",
"product": "kafka-python",
"vendor": "Dana Powers",
"versions": [
{
"lessThan": "2.3.2",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"source": "disclosure@vulncheck.com"
},
{
"affectedData": [
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:quay:3.10::el8"
],
"defaultStatus": "affected",
"packageName": "quay/quay-rhel8",
"product": "Red Hat Quay 3.10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1782487717",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:quay:3.12::el8"
],
"defaultStatus": "affected",
"packageName": "quay/quay-rhel8",
"product": "Red Hat Quay 3.12",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1781937357",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:quay:3.16::el9"
],
"defaultStatus": "affected",
"packageName": "quay/quay-rhel9",
"product": "Red Hat Quay 3.16",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1783955846",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:quay:3.9::el8"
],
"defaultStatus": "affected",
"packageName": "quay/quay-rhel8",
"product": "Red Hat Quay 3.9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1781878070",
"versionType": "rpm"
}
]
}
],
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dpkp:kafka-python:*:*:*:*:*:python:*:*",
"matchCriteriaId": "6E5BAD52-2501-4C08-AFC6-8958B4974860",
"versionEndExcluding": "2.3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-middle broker to freeze the client event loop by supplying an excessively large iteration count. In scram.py, ScramClient.process_server_first_message() passes the broker-controlled SCRAM iteration count directly to hashlib.pbkdf2_hmac() without validation, blocking producer sends, consumer polls, admin operations, and heartbeats, which can cause consumer group eviction and repeated reconnect failures."
}
],
"id": "CVE-2026-10143",
"lastModified": "2026-07-17T13:17:53.833",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "disclosure@vulncheck.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "disclosure@vulncheck.com",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-10143",
"options": [
{
"exploitation": "none"
},
{
"automatable": "yes"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-11T13:10:04.299411Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-06-10T22:16:55.503",
"references": [
{
"source": "disclosure@vulncheck.com",
"tags": [
"Patch"
],
"url": "https://github.com/dpkp/kafka-python/commit/6e4831444f972d169cdd11f5c8d50333cea3f19b"
},
{
"source": "disclosure@vulncheck.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/dpkp/kafka-python/pull/3019"
},
{
"source": "disclosure@vulncheck.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/dpkp/kafka-python/pull/3026"
},
{
"source": "disclosure@vulncheck.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.vulncheck.com/advisories/kafka-python-prior-to-dos-via-scram-iteration-count-in-scram-py"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:28571"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:30076"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:33683"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:41066"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/security/cve/CVE-2026-10143"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487722"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-10143.json"
}
],
"sourceIdentifier": "disclosure@vulncheck.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "disclosure@vulncheck.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-606"
}
],
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"type": "Secondary"
}
]
}
GHSA-2JCM-HQ8R-84WX
Vulnerability from github – Published: 2026-06-11 00:32 – Updated: 2026-07-01 15:34kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-middle broker to freeze the client event loop by supplying an excessively large iteration count. In scram.py, ScramClient.process_server_first_message() passes the broker-controlled SCRAM iteration count directly to hashlib.pbkdf2_hmac() without validation, blocking producer sends, consumer polls, admin operations, and heartbeats, which can cause consumer group eviction and repeated reconnect failures.
{
"affected": [],
"aliases": [
"CVE-2026-10143"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-606"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-10T22:16:55Z",
"severity": "HIGH"
},
"details": "kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-middle broker to freeze the client event loop by supplying an excessively large iteration count. In scram.py, ScramClient.process_server_first_message() passes the broker-controlled SCRAM iteration count directly to hashlib.pbkdf2_hmac() without validation, blocking producer sends, consumer polls, admin operations, and heartbeats, which can cause consumer group eviction and repeated reconnect failures.",
"id": "GHSA-2jcm-hq8r-84wx",
"modified": "2026-07-01T15:34:53Z",
"published": "2026-06-11T00:32:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10143"
},
{
"type": "WEB",
"url": "https://github.com/dpkp/kafka-python/pull/3019"
},
{
"type": "WEB",
"url": "https://github.com/dpkp/kafka-python/pull/3026"
},
{
"type": "WEB",
"url": "https://github.com/dpkp/kafka-python/commit/6e4831444f972d169cdd11f5c8d50333cea3f19b"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:28571"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:30076"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:33683"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-10143"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487722"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-10143.json"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/kafka-python-prior-to-dos-via-scram-iteration-count-in-scram-py"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
PYSEC-2026-2191
Vulnerability from pysec - Published: 2026-06-10 22:16 - Updated: 2026-07-13 05:49kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-middle broker to freeze the client event loop by supplying an excessively large iteration count. In scram.py, ScramClient.process_server_first_message() passes the broker-controlled SCRAM iteration count directly to hashlib.pbkdf2_hmac() without validation, blocking producer sends, consumer polls, admin operations, and heartbeats, which can cause consumer group eviction and repeated reconnect failures.
| Name | purl | kafka-python | pkg:pypi/kafka-python |
|---|
{
"affected": [
{
"ecosystem_specific": {},
"package": {
"ecosystem": "PyPI",
"name": "kafka-python",
"purl": "pkg:pypi/kafka-python"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.9.0",
"0.9.1",
"0.9.2",
"0.9.3",
"0.9.4",
"0.9.5",
"1.0.0",
"1.0.1",
"1.0.2",
"1.1.0",
"1.1.1",
"1.2.0",
"1.2.1",
"1.2.2",
"1.2.3",
"1.2.4",
"1.2.5",
"1.3.0",
"1.3.1",
"1.3.2",
"1.3.3",
"1.3.4",
"1.3.5",
"1.4.0",
"1.4.1",
"1.4.2",
"1.4.3",
"1.4.4",
"1.4.5",
"1.4.6",
"1.4.7",
"2.0.0",
"2.0.1",
"2.0.2",
"2.0.3",
"2.0.4",
"2.0.5",
"2.0.6",
"2.1.0",
"2.1.1",
"2.1.2",
"2.1.3",
"2.1.4",
"2.1.5",
"2.1.6",
"2.2.0",
"2.2.1",
"2.2.10",
"2.2.11",
"2.2.12",
"2.2.13",
"2.2.14",
"2.2.15",
"2.2.16",
"2.2.17",
"2.2.18",
"2.2.19",
"2.2.2",
"2.2.20",
"2.2.3",
"2.2.4",
"2.2.5",
"2.2.6",
"2.2.7",
"2.2.8",
"2.2.9",
"2.3.0",
"2.3.1"
]
}
],
"aliases": [
"CVE-2026-10143"
],
"details": "kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-middle broker to freeze the client event loop by supplying an excessively large iteration count. In scram.py, ScramClient.process_server_first_message() passes the broker-controlled SCRAM iteration count directly to hashlib.pbkdf2_hmac() without validation, blocking producer sends, consumer polls, admin operations, and heartbeats, which can cause consumer group eviction and repeated reconnect failures.",
"id": "PYSEC-2026-2191",
"modified": "2026-07-13T05:49:18.525020Z",
"published": "2026-06-10T22:16:55.503Z",
"references": [
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-10143"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-10143.json"
},
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:28571"
},
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:30076"
},
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:33683"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487722"
},
{
"type": "FIX",
"url": "https://github.com/dpkp/kafka-python/commit/6e4831444f972d169cdd11f5c8d50333cea3f19b"
},
{
"type": "FIX",
"url": "https://github.com/dpkp/kafka-python/pull/3019"
},
{
"type": "FIX",
"url": "https://github.com/dpkp/kafka-python/pull/3026"
},
{
"type": "FIX",
"url": "https://www.vulncheck.com/advisories/kafka-python-prior-to-dos-via-scram-iteration-count-in-scram-py"
}
],
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
RHSA-2026:28571
Vulnerability from csaf_redhat - Published: 2026-06-23 21:51 - Updated: 2026-07-19 17:31A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by crafting a malicious Uniform Resource Identifier (URI) that contains percent-encoded authority delimiters. The fast-uri library incorrectly decodes these delimiters during normalization and then re-emits them as raw separators, which can change the URI's intended authority. This issue allows applications that perform host allowlist checks, redirect validation, or outbound request routing to be steered to a different authority than specified, potentially bypassing security controls.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64 | — |
A flaw was found in the shell-quote component. The quote() function did not properly validate object-token inputs, allowing line terminators to pass unescaped into the output. A remote attacker could exploit this vulnerability by providing specially crafted input, which a POSIX shell would interpret as a command separator. This could lead to command injection, enabling the attacker to execute arbitrary code on the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64 | — |
A flaw was found in kafka-python. A malicious or machine-in-the-middle broker could exploit a denial-of-service vulnerability during SCRAM authentication. By providing an excessively large iteration count, the broker can cause the client's event loop to freeze. This prevents critical operations such as sending messages, polling for new messages, and maintaining heartbeats, ultimately leading to consumer group eviction and persistent connection failures.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64 | — |
Workaround
|
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64 | — |
A flaw was found in Axios. A remote attacker, by influencing the XSRF cookie name in a browser environment, could cause the application to construct a regular expression that leads to excessive processing. This can result in a client-side Denial of Service (DoS), where the affected browser tab may freeze, impacting the availability of the application for the user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64 | — |
Workaround
|
A flaw was found in PyJWT, a Python library for JSON Web Token (JWT) implementation. When decoding JWTs, the library fails to validate the use of JSON Web Keys (JWK) in the HMAC algorithm while also supporting asymmetric algorithms. This allows a remote attacker to use the issuer's public key as the secret key for the HMAC algorithm, leading to the ability to forge JWTs. This vulnerability can result in authentication bypass or unauthorized access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.9.23 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.9.23",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:28571",
"url": "https://access.redhat.com/errata/RHSA-2026:28571"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-10143",
"url": "https://access.redhat.com/security/cve/CVE-2026-10143"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44432",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44496",
"url": "https://access.redhat.com/security/cve/CVE-2026-44496"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48526",
"url": "https://access.redhat.com/security/cve/CVE-2026-48526"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-6322",
"url": "https://access.redhat.com/security/cve/CVE-2026-6322"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-9277",
"url": "https://access.redhat.com/security/cve/CVE-2026-9277"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_28571.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.9.23",
"tracking": {
"current_release_date": "2026-07-19T17:31:51+00:00",
"generator": {
"date": "2026-07-19T17:31:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.7"
}
},
"id": "RHSA-2026:28571",
"initial_release_date": "2026-06-23T21:51:13+00:00",
"revision_history": [
{
"date": "2026-06-23T21:51:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-18T05:32:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-19T17:31:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.9",
"product": {
"name": "Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.9::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-bundle\u0026tag=1781940738"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=1781940084"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3A312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-bundle\u0026tag=1781942234"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=1781938954"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=1781939557"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Aa8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=1781620752"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8?arch=amd64\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=1781938913"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3A4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-bundle\u0026tag=1781942833"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=1781939020"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=1781878070"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=1781940084"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=1781938954"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=1781620752"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=1781938913"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=1781939020"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Acf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=1781878070"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=1781940084"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Aab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=1781938954"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Adda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=1781620752"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d?arch=s390x\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=1781938913"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=1781939020"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=1781878070"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-6322",
"cwe": {
"id": "CWE-140",
"name": "Improper Neutralization of Delimiters"
},
"discovery_date": "2026-05-05T11:01:00.332189+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466684"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by crafting a malicious Uniform Resource Identifier (URI) that contains percent-encoded authority delimiters. The fast-uri library incorrectly decodes these delimiters during normalization and then re-emits them as raw separators, which can change the URI\u0027s intended authority. This issue allows applications that perform host allowlist checks, redirect validation, or outbound request routing to be steered to a different authority than specified, potentially bypassing security controls.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "fast-uri: fast-uri: URI authority bypass due to improper delimiter handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in the `fast-uri` library allows an attacker to bypass security controls in Red Hat products that process Uniform Resource Identifiers (URIs). By crafting a malicious URI with percent-encoded authority delimiters, an attacker can cause the library to incorrectly interpret the URI\u0027s authority, potentially redirecting applications to an unintended domain. This could lead to a bypass of host allowlist checks, redirect validation, or outbound request routing.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6322"
},
{
"category": "external",
"summary": "RHBZ#2466684",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466684"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6322",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6322"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6322",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6322"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc",
"url": "https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc"
}
],
"release_date": "2026-05-05T10:29:16.378000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-23T21:51:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28571"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "fast-uri: fast-uri: URI authority bypass due to improper delimiter handling"
},
{
"cve": "CVE-2026-9277",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-05-22T14:01:14.427751+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480741"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the shell-quote component. The quote() function did not properly validate object-token inputs, allowing line terminators to pass unescaped into the output. A remote attacker could exploit this vulnerability by providing specially crafted input, which a POSIX shell would interpret as a command separator. This could lead to command injection, enabling the attacker to execute arbitrary code on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "shell-quote: shell-quote: Arbitrary code execution via command injection due to unescaped line terminators",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9277"
},
{
"category": "external",
"summary": "RHBZ#2480741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9277",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9277"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9277",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9277"
},
{
"category": "external",
"summary": "https://github.com/ljharb/shell-quote",
"url": "https://github.com/ljharb/shell-quote"
},
{
"category": "external",
"summary": "https://github.com/ljharb/shell-quote/commit/1518179",
"url": "https://github.com/ljharb/shell-quote/commit/1518179"
},
{
"category": "external",
"summary": "https://github.com/ljharb/shell-quote/security/advisories/GHSA-w7jw-789q-3m8p",
"url": "https://github.com/ljharb/shell-quote/security/advisories/GHSA-w7jw-789q-3m8p"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/shell-quote",
"url": "https://www.npmjs.com/package/shell-quote"
}
],
"release_date": "2026-05-22T13:22:38.873000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-23T21:51:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28571"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "shell-quote: shell-quote: Arbitrary code execution via command injection due to unescaped line terminators"
},
{
"cve": "CVE-2026-10143",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-06-10T21:02:14.712750+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487722"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in kafka-python. A malicious or machine-in-the-middle broker could exploit a denial-of-service vulnerability during SCRAM authentication. By providing an excessively large iteration count, the broker can cause the client\u0027s event loop to freeze. This prevents critical operations such as sending messages, polling for new messages, and maintaining heartbeats, ultimately leading to consumer group eviction and persistent connection failures.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kafka-python: kafka-python: Denial of Service via excessive SCRAM authentication iteration count",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-10143"
},
{
"category": "external",
"summary": "RHBZ#2487722",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487722"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-10143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-10143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-10143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10143"
},
{
"category": "external",
"summary": "https://github.com/dpkp/kafka-python/commit/6e4831444f972d169cdd11f5c8d50333cea3f19b",
"url": "https://github.com/dpkp/kafka-python/commit/6e4831444f972d169cdd11f5c8d50333cea3f19b"
},
{
"category": "external",
"summary": "https://github.com/dpkp/kafka-python/pull/3019",
"url": "https://github.com/dpkp/kafka-python/pull/3019"
},
{
"category": "external",
"summary": "https://github.com/dpkp/kafka-python/pull/3026",
"url": "https://github.com/dpkp/kafka-python/pull/3026"
},
{
"category": "external",
"summary": "https://www.vulncheck.com/advisories/kafka-python-prior-to-dos-via-scram-iteration-count-in-scram-py",
"url": "https://www.vulncheck.com/advisories/kafka-python-prior-to-dos-via-scram-iteration-count-in-scram-py"
}
],
"release_date": "2026-06-10T20:22:39.262000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-23T21:51:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28571"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kafka-python: kafka-python: Denial of Service via excessive SCRAM authentication iteration count"
},
{
"cve": "CVE-2026-44432",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-05-13T17:01:01.083841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "RHBZ#2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"release_date": "2026-05-13T15:17:12.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-23T21:51:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28571"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
},
{
"cve": "CVE-2026-44496",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-06-11T17:01:15.856386+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487943"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. A remote attacker, by influencing the XSRF cookie name in a browser environment, could cause the application to construct a regular expression that leads to excessive processing. This can result in a client-side Denial of Service (DoS), where the affected browser tab may freeze, impacting the availability of the application for the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in Axios can lead to a client-side Denial of Service. An attacker capable of influencing the XSRF cookie name within a browser environment could trigger excessive regular expression processing, causing the affected browser tab to freeze and degrade user availability. This issue specifically impacts browser-based applications and does not affect Node.js HTTP adapter usage, React Native, or web workers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44496"
},
{
"category": "external",
"summary": "RHBZ#2487943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487943"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44496",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44496"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44496",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44496"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-hfxv-24rg-xrqf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-hfxv-24rg-xrqf"
}
],
"release_date": "2026-06-11T15:34:28.492000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-23T21:51:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28571"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name"
},
{
"cve": "CVE-2026-48526",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-05-28T16:01:22.805235+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2482734"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in PyJWT, a Python library for JSON Web Token (JWT) implementation. When decoding JWTs, the library fails to validate the use of JSON Web Keys (JWK) in the HMAC algorithm while also supporting asymmetric algorithms. This allows a remote attacker to use the issuer\u0027s public key as the secret key for the HMAC algorithm, leading to the ability to forge JWTs. This vulnerability can result in authentication bypass or unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important vulnerability in PyJWT allows for authentication bypass and unauthorized access. It occurs when a JWT verifier is misconfigured to accept both symmetric and asymmetric algorithms, and a public JSON Web Key is erroneously used as the HMAC secret. Red Hat products are only affected if they utilize this specific, non-standard verifier configuration.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48526"
},
{
"category": "external",
"summary": "RHBZ#2482734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48526",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48526"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48526",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48526"
},
{
"category": "external",
"summary": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx",
"url": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx"
}
],
"release_date": "2026-05-28T15:09:09.258000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-23T21:51:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28571"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens"
}
]
}
RHSA-2026:30076
Vulnerability from csaf_redhat - Published: 2026-06-25 18:18 - Updated: 2026-07-19 17:31A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by crafting a malicious Uniform Resource Identifier (URI) that contains percent-encoded authority delimiters. The fast-uri library incorrectly decodes these delimiters during normalization and then re-emits them as raw separators, which can change the URI's intended authority. This issue allows applications that perform host allowlist checks, redirect validation, or outbound request routing to be steered to a different authority than specified, potentially bypassing security controls.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x | — |
A flaw was found in the shell-quote component. The quote() function did not properly validate object-token inputs, allowing line terminators to pass unescaped into the output. A remote attacker could exploit this vulnerability by providing specially crafted input, which a POSIX shell would interpret as a command separator. This could lead to command injection, enabling the attacker to execute arbitrary code on the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x | — |
A flaw was found in kafka-python. A malicious or machine-in-the-middle broker could exploit a denial-of-service vulnerability during SCRAM authentication. By providing an excessively large iteration count, the broker can cause the client's event loop to freeze. This prevents critical operations such as sending messages, polling for new messages, and maintaining heartbeats, ultimately leading to consumer group eviction and persistent connection failures.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x | — |
Workaround
|
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x | — |
A flaw was found in Axios. A remote attacker, by influencing the XSRF cookie name in a browser environment, could cause the application to construct a regular expression that leads to excessive processing. This can result in a client-side Denial of Service (DoS), where the affected browser tab may freeze, impacting the availability of the application for the user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x | — |
Workaround
|
A flaw was found in PyJWT, a Python library for JSON Web Token (JWT) implementation. When decoding JWTs, the library fails to validate the use of JSON Web Keys (JWK) in the HMAC algorithm while also supporting asymmetric algorithms. This allows a remote attacker to use the issuer's public key as the secret key for the HMAC algorithm, leading to the ability to forge JWTs. This vulnerability can result in authentication bypass or unauthorized access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.12.19 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.12.19",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:30076",
"url": "https://access.redhat.com/errata/RHSA-2026:30076"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-10143",
"url": "https://access.redhat.com/security/cve/CVE-2026-10143"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44432",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44496",
"url": "https://access.redhat.com/security/cve/CVE-2026-44496"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48526",
"url": "https://access.redhat.com/security/cve/CVE-2026-48526"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-6322",
"url": "https://access.redhat.com/security/cve/CVE-2026-6322"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-9277",
"url": "https://access.redhat.com/security/cve/CVE-2026-9277"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_30076.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.12.19",
"tracking": {
"current_release_date": "2026-07-19T17:31:54+00:00",
"generator": {
"date": "2026-07-19T17:31:54+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.7"
}
},
"id": "RHSA-2026:30076",
"initial_release_date": "2026-06-25T18:18:45+00:00",
"revision_history": [
{
"date": "2026-06-25T18:18:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-18T05:32:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-19T17:31:54+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.12",
"product": {
"name": "Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.12::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-bundle\u0026tag=1782332457"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=1781937016"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3A61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-bundle\u0026tag=1782333480"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=1782331980"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=1782332470"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=1781620617"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf?arch=amd64\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=1782331838"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3A3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-bundle\u0026tag=1782333960"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Ad977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=1782332068"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Ab9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=1781937357"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Ab00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0?arch=arm64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=1781937016"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e?arch=arm64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=1782331980"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e?arch=arm64\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=1781620617"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62?arch=arm64\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=1782331838"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874?arch=arm64\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=1782332068"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b?arch=arm64\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=1781937357"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Ad7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=1781937016"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=1782331980"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=1781620617"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=1782331838"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=1782332068"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Ab7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=1781937357"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Af43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=1781937016"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=1782331980"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Adf86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=1781620617"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5?arch=s390x\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=1782331838"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Add341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=1782332068"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Adb1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=1781937357"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-6322",
"cwe": {
"id": "CWE-140",
"name": "Improper Neutralization of Delimiters"
},
"discovery_date": "2026-05-05T11:01:00.332189+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466684"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by crafting a malicious Uniform Resource Identifier (URI) that contains percent-encoded authority delimiters. The fast-uri library incorrectly decodes these delimiters during normalization and then re-emits them as raw separators, which can change the URI\u0027s intended authority. This issue allows applications that perform host allowlist checks, redirect validation, or outbound request routing to be steered to a different authority than specified, potentially bypassing security controls.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "fast-uri: fast-uri: URI authority bypass due to improper delimiter handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in the `fast-uri` library allows an attacker to bypass security controls in Red Hat products that process Uniform Resource Identifiers (URIs). By crafting a malicious URI with percent-encoded authority delimiters, an attacker can cause the library to incorrectly interpret the URI\u0027s authority, potentially redirecting applications to an unintended domain. This could lead to a bypass of host allowlist checks, redirect validation, or outbound request routing.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6322"
},
{
"category": "external",
"summary": "RHBZ#2466684",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466684"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6322",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6322"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6322",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6322"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc",
"url": "https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc"
}
],
"release_date": "2026-05-05T10:29:16.378000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T18:18:45+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30076"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "fast-uri: fast-uri: URI authority bypass due to improper delimiter handling"
},
{
"cve": "CVE-2026-9277",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-05-22T14:01:14.427751+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480741"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the shell-quote component. The quote() function did not properly validate object-token inputs, allowing line terminators to pass unescaped into the output. A remote attacker could exploit this vulnerability by providing specially crafted input, which a POSIX shell would interpret as a command separator. This could lead to command injection, enabling the attacker to execute arbitrary code on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "shell-quote: shell-quote: Arbitrary code execution via command injection due to unescaped line terminators",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9277"
},
{
"category": "external",
"summary": "RHBZ#2480741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9277",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9277"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9277",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9277"
},
{
"category": "external",
"summary": "https://github.com/ljharb/shell-quote",
"url": "https://github.com/ljharb/shell-quote"
},
{
"category": "external",
"summary": "https://github.com/ljharb/shell-quote/commit/1518179",
"url": "https://github.com/ljharb/shell-quote/commit/1518179"
},
{
"category": "external",
"summary": "https://github.com/ljharb/shell-quote/security/advisories/GHSA-w7jw-789q-3m8p",
"url": "https://github.com/ljharb/shell-quote/security/advisories/GHSA-w7jw-789q-3m8p"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/shell-quote",
"url": "https://www.npmjs.com/package/shell-quote"
}
],
"release_date": "2026-05-22T13:22:38.873000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T18:18:45+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30076"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "shell-quote: shell-quote: Arbitrary code execution via command injection due to unescaped line terminators"
},
{
"cve": "CVE-2026-10143",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-06-10T21:02:14.712750+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487722"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in kafka-python. A malicious or machine-in-the-middle broker could exploit a denial-of-service vulnerability during SCRAM authentication. By providing an excessively large iteration count, the broker can cause the client\u0027s event loop to freeze. This prevents critical operations such as sending messages, polling for new messages, and maintaining heartbeats, ultimately leading to consumer group eviction and persistent connection failures.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kafka-python: kafka-python: Denial of Service via excessive SCRAM authentication iteration count",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-10143"
},
{
"category": "external",
"summary": "RHBZ#2487722",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487722"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-10143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-10143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-10143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10143"
},
{
"category": "external",
"summary": "https://github.com/dpkp/kafka-python/commit/6e4831444f972d169cdd11f5c8d50333cea3f19b",
"url": "https://github.com/dpkp/kafka-python/commit/6e4831444f972d169cdd11f5c8d50333cea3f19b"
},
{
"category": "external",
"summary": "https://github.com/dpkp/kafka-python/pull/3019",
"url": "https://github.com/dpkp/kafka-python/pull/3019"
},
{
"category": "external",
"summary": "https://github.com/dpkp/kafka-python/pull/3026",
"url": "https://github.com/dpkp/kafka-python/pull/3026"
},
{
"category": "external",
"summary": "https://www.vulncheck.com/advisories/kafka-python-prior-to-dos-via-scram-iteration-count-in-scram-py",
"url": "https://www.vulncheck.com/advisories/kafka-python-prior-to-dos-via-scram-iteration-count-in-scram-py"
}
],
"release_date": "2026-06-10T20:22:39.262000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T18:18:45+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30076"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kafka-python: kafka-python: Denial of Service via excessive SCRAM authentication iteration count"
},
{
"cve": "CVE-2026-44432",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-05-13T17:01:01.083841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "RHBZ#2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"release_date": "2026-05-13T15:17:12.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T18:18:45+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30076"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
},
{
"cve": "CVE-2026-44496",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-06-11T17:01:15.856386+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487943"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. A remote attacker, by influencing the XSRF cookie name in a browser environment, could cause the application to construct a regular expression that leads to excessive processing. This can result in a client-side Denial of Service (DoS), where the affected browser tab may freeze, impacting the availability of the application for the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in Axios can lead to a client-side Denial of Service. An attacker capable of influencing the XSRF cookie name within a browser environment could trigger excessive regular expression processing, causing the affected browser tab to freeze and degrade user availability. This issue specifically impacts browser-based applications and does not affect Node.js HTTP adapter usage, React Native, or web workers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44496"
},
{
"category": "external",
"summary": "RHBZ#2487943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487943"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44496",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44496"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44496",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44496"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-hfxv-24rg-xrqf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-hfxv-24rg-xrqf"
}
],
"release_date": "2026-06-11T15:34:28.492000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T18:18:45+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30076"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name"
},
{
"cve": "CVE-2026-48526",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-05-28T16:01:22.805235+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2482734"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in PyJWT, a Python library for JSON Web Token (JWT) implementation. When decoding JWTs, the library fails to validate the use of JSON Web Keys (JWK) in the HMAC algorithm while also supporting asymmetric algorithms. This allows a remote attacker to use the issuer\u0027s public key as the secret key for the HMAC algorithm, leading to the ability to forge JWTs. This vulnerability can result in authentication bypass or unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important vulnerability in PyJWT allows for authentication bypass and unauthorized access. It occurs when a JWT verifier is misconfigured to accept both symmetric and asymmetric algorithms, and a public JSON Web Key is erroneously used as the HMAC secret. Red Hat products are only affected if they utilize this specific, non-standard verifier configuration.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48526"
},
{
"category": "external",
"summary": "RHBZ#2482734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48526",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48526"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48526",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48526"
},
{
"category": "external",
"summary": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx",
"url": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx"
}
],
"release_date": "2026-05-28T15:09:09.258000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T18:18:45+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30076"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens"
}
]
}
RHSA-2026:33683
Vulnerability from csaf_redhat - Published: 2026-06-30 18:09 - Updated: 2026-07-19 17:31A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by crafting a malicious Uniform Resource Identifier (URI) that contains percent-encoded authority delimiters. The fast-uri library incorrectly decodes these delimiters during normalization and then re-emits them as raw separators, which can change the URI's intended authority. This issue allows applications that perform host allowlist checks, redirect validation, or outbound request routing to be steered to a different authority than specified, potentially bypassing security controls.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:4ac0ffd9db1d6579f0456752f2fca8b686ce1c62578187f4db7c402f0efb89ea_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a5d427872efcf0c350f89cfae291c8ad808f68123eda0b5163496315f04e2779_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c7bf8d54e019c893484b055de7a2b6938152403cfa4b064054c537fb186998de_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:25c740738b3511ae6333ad8f32e6c2eac1d3d4fe2c9eeda241906f0a6a96f708_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9313307979bccd1f9bc732df389f1d6c49159ceb74ef9befbb7ae269afe9f9c1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:e51e41b330d3cf44ef7b5eb1a511096cef98f82495297cd4438693ef2f9a24ef_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c8a83d3757c774e0958472661f268783e17d7d0c7a7e4e19e1d380201c43e0d0_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:09933cf1e12617711f28f19798f355b3c064ab1219179b0692f591f5d1f86b2c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1a36faf3a63c2f367a1524748d9c4a56fb3910c80af4ead41c6c8a73b5b8eab8_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a040e83b9aa90c795751c3163533571c954639fbad350a25f258a3ef2d9669d4_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:da8f01cb4aafaed7f2313329ab905cfd274133fc0b850cda8955d15898245153_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3bf79d70954794dc237f44bbbae4bcec5a5b16fedb3eda79f4f26d3be04c6775_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:65b406622bfd9fadf0d24431277957bafc553d9e7b331f8357c1c7ef8535f0c9_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d353d7214e8bef5f0ee1632da4e6f74bc89495115ab8ce245af5665fefbdb2ea_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:5040540e6ed9126958497b0b12d1d119eb06f445ca0edeb0f823880d5c936567_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:37510942aee22b6321acb0ef35464da20116b44809efd92a4666435d1a2bd732_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:89403ee27003086a0da369f2087718644bce09eb1571919ce809ea7d6b4e7eeb_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b3d595075321c1cebed49970a2b3746d59415ef08fa4d800a8db58ad716638d0_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:009f4d31d16d3f0a6f942efa8fa1aec77edc9b6f0aae38503b472c0e6bf6b615_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:1eb7d2e819dd5ca1c2062ce1812361d0fe8390cfeed9cc01a1500b8632bfd8c3_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:afa0b44ce77545a1fc105b9d0c8b5f1eef715e2f9491f0075bdad4385208f42c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:f486398c18878a624d12a4d82bf6d72f72447ddbdc5a764a6908674a14efad22_s390x | — |
A flaw was found in the shell-quote component. The quote() function did not properly validate object-token inputs, allowing line terminators to pass unescaped into the output. A remote attacker could exploit this vulnerability by providing specially crafted input, which a POSIX shell would interpret as a command separator. This could lead to command injection, enabling the attacker to execute arbitrary code on the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:4ac0ffd9db1d6579f0456752f2fca8b686ce1c62578187f4db7c402f0efb89ea_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a5d427872efcf0c350f89cfae291c8ad808f68123eda0b5163496315f04e2779_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c7bf8d54e019c893484b055de7a2b6938152403cfa4b064054c537fb186998de_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:25c740738b3511ae6333ad8f32e6c2eac1d3d4fe2c9eeda241906f0a6a96f708_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9313307979bccd1f9bc732df389f1d6c49159ceb74ef9befbb7ae269afe9f9c1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:e51e41b330d3cf44ef7b5eb1a511096cef98f82495297cd4438693ef2f9a24ef_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c8a83d3757c774e0958472661f268783e17d7d0c7a7e4e19e1d380201c43e0d0_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:09933cf1e12617711f28f19798f355b3c064ab1219179b0692f591f5d1f86b2c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1a36faf3a63c2f367a1524748d9c4a56fb3910c80af4ead41c6c8a73b5b8eab8_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a040e83b9aa90c795751c3163533571c954639fbad350a25f258a3ef2d9669d4_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:da8f01cb4aafaed7f2313329ab905cfd274133fc0b850cda8955d15898245153_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3bf79d70954794dc237f44bbbae4bcec5a5b16fedb3eda79f4f26d3be04c6775_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:65b406622bfd9fadf0d24431277957bafc553d9e7b331f8357c1c7ef8535f0c9_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d353d7214e8bef5f0ee1632da4e6f74bc89495115ab8ce245af5665fefbdb2ea_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:5040540e6ed9126958497b0b12d1d119eb06f445ca0edeb0f823880d5c936567_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:37510942aee22b6321acb0ef35464da20116b44809efd92a4666435d1a2bd732_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:89403ee27003086a0da369f2087718644bce09eb1571919ce809ea7d6b4e7eeb_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b3d595075321c1cebed49970a2b3746d59415ef08fa4d800a8db58ad716638d0_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:009f4d31d16d3f0a6f942efa8fa1aec77edc9b6f0aae38503b472c0e6bf6b615_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:1eb7d2e819dd5ca1c2062ce1812361d0fe8390cfeed9cc01a1500b8632bfd8c3_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:afa0b44ce77545a1fc105b9d0c8b5f1eef715e2f9491f0075bdad4385208f42c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:f486398c18878a624d12a4d82bf6d72f72447ddbdc5a764a6908674a14efad22_s390x | — |
A flaw was found in kafka-python. A malicious or machine-in-the-middle broker could exploit a denial-of-service vulnerability during SCRAM authentication. By providing an excessively large iteration count, the broker can cause the client's event loop to freeze. This prevents critical operations such as sending messages, polling for new messages, and maintaining heartbeats, ultimately leading to consumer group eviction and persistent connection failures.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:4ac0ffd9db1d6579f0456752f2fca8b686ce1c62578187f4db7c402f0efb89ea_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a5d427872efcf0c350f89cfae291c8ad808f68123eda0b5163496315f04e2779_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c7bf8d54e019c893484b055de7a2b6938152403cfa4b064054c537fb186998de_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:25c740738b3511ae6333ad8f32e6c2eac1d3d4fe2c9eeda241906f0a6a96f708_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9313307979bccd1f9bc732df389f1d6c49159ceb74ef9befbb7ae269afe9f9c1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:e51e41b330d3cf44ef7b5eb1a511096cef98f82495297cd4438693ef2f9a24ef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c8a83d3757c774e0958472661f268783e17d7d0c7a7e4e19e1d380201c43e0d0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:09933cf1e12617711f28f19798f355b3c064ab1219179b0692f591f5d1f86b2c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1a36faf3a63c2f367a1524748d9c4a56fb3910c80af4ead41c6c8a73b5b8eab8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a040e83b9aa90c795751c3163533571c954639fbad350a25f258a3ef2d9669d4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:da8f01cb4aafaed7f2313329ab905cfd274133fc0b850cda8955d15898245153_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3bf79d70954794dc237f44bbbae4bcec5a5b16fedb3eda79f4f26d3be04c6775_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:65b406622bfd9fadf0d24431277957bafc553d9e7b331f8357c1c7ef8535f0c9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d353d7214e8bef5f0ee1632da4e6f74bc89495115ab8ce245af5665fefbdb2ea_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:5040540e6ed9126958497b0b12d1d119eb06f445ca0edeb0f823880d5c936567_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:37510942aee22b6321acb0ef35464da20116b44809efd92a4666435d1a2bd732_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:89403ee27003086a0da369f2087718644bce09eb1571919ce809ea7d6b4e7eeb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b3d595075321c1cebed49970a2b3746d59415ef08fa4d800a8db58ad716638d0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:009f4d31d16d3f0a6f942efa8fa1aec77edc9b6f0aae38503b472c0e6bf6b615_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:1eb7d2e819dd5ca1c2062ce1812361d0fe8390cfeed9cc01a1500b8632bfd8c3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:afa0b44ce77545a1fc105b9d0c8b5f1eef715e2f9491f0075bdad4385208f42c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:f486398c18878a624d12a4d82bf6d72f72447ddbdc5a764a6908674a14efad22_s390x | — |
Workaround
|
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:4ac0ffd9db1d6579f0456752f2fca8b686ce1c62578187f4db7c402f0efb89ea_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a5d427872efcf0c350f89cfae291c8ad808f68123eda0b5163496315f04e2779_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c7bf8d54e019c893484b055de7a2b6938152403cfa4b064054c537fb186998de_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:25c740738b3511ae6333ad8f32e6c2eac1d3d4fe2c9eeda241906f0a6a96f708_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9313307979bccd1f9bc732df389f1d6c49159ceb74ef9befbb7ae269afe9f9c1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:e51e41b330d3cf44ef7b5eb1a511096cef98f82495297cd4438693ef2f9a24ef_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c8a83d3757c774e0958472661f268783e17d7d0c7a7e4e19e1d380201c43e0d0_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:09933cf1e12617711f28f19798f355b3c064ab1219179b0692f591f5d1f86b2c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1a36faf3a63c2f367a1524748d9c4a56fb3910c80af4ead41c6c8a73b5b8eab8_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a040e83b9aa90c795751c3163533571c954639fbad350a25f258a3ef2d9669d4_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:da8f01cb4aafaed7f2313329ab905cfd274133fc0b850cda8955d15898245153_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3bf79d70954794dc237f44bbbae4bcec5a5b16fedb3eda79f4f26d3be04c6775_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:65b406622bfd9fadf0d24431277957bafc553d9e7b331f8357c1c7ef8535f0c9_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d353d7214e8bef5f0ee1632da4e6f74bc89495115ab8ce245af5665fefbdb2ea_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:5040540e6ed9126958497b0b12d1d119eb06f445ca0edeb0f823880d5c936567_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:37510942aee22b6321acb0ef35464da20116b44809efd92a4666435d1a2bd732_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:89403ee27003086a0da369f2087718644bce09eb1571919ce809ea7d6b4e7eeb_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b3d595075321c1cebed49970a2b3746d59415ef08fa4d800a8db58ad716638d0_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:009f4d31d16d3f0a6f942efa8fa1aec77edc9b6f0aae38503b472c0e6bf6b615_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:1eb7d2e819dd5ca1c2062ce1812361d0fe8390cfeed9cc01a1500b8632bfd8c3_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:afa0b44ce77545a1fc105b9d0c8b5f1eef715e2f9491f0075bdad4385208f42c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:f486398c18878a624d12a4d82bf6d72f72447ddbdc5a764a6908674a14efad22_s390x | — |
A flaw was found in Axios. A remote attacker, by influencing the XSRF cookie name in a browser environment, could cause the application to construct a regular expression that leads to excessive processing. This can result in a client-side Denial of Service (DoS), where the affected browser tab may freeze, impacting the availability of the application for the user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:4ac0ffd9db1d6579f0456752f2fca8b686ce1c62578187f4db7c402f0efb89ea_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a5d427872efcf0c350f89cfae291c8ad808f68123eda0b5163496315f04e2779_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c7bf8d54e019c893484b055de7a2b6938152403cfa4b064054c537fb186998de_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:25c740738b3511ae6333ad8f32e6c2eac1d3d4fe2c9eeda241906f0a6a96f708_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9313307979bccd1f9bc732df389f1d6c49159ceb74ef9befbb7ae269afe9f9c1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:e51e41b330d3cf44ef7b5eb1a511096cef98f82495297cd4438693ef2f9a24ef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c8a83d3757c774e0958472661f268783e17d7d0c7a7e4e19e1d380201c43e0d0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:09933cf1e12617711f28f19798f355b3c064ab1219179b0692f591f5d1f86b2c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1a36faf3a63c2f367a1524748d9c4a56fb3910c80af4ead41c6c8a73b5b8eab8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a040e83b9aa90c795751c3163533571c954639fbad350a25f258a3ef2d9669d4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:da8f01cb4aafaed7f2313329ab905cfd274133fc0b850cda8955d15898245153_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3bf79d70954794dc237f44bbbae4bcec5a5b16fedb3eda79f4f26d3be04c6775_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:65b406622bfd9fadf0d24431277957bafc553d9e7b331f8357c1c7ef8535f0c9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d353d7214e8bef5f0ee1632da4e6f74bc89495115ab8ce245af5665fefbdb2ea_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:5040540e6ed9126958497b0b12d1d119eb06f445ca0edeb0f823880d5c936567_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:37510942aee22b6321acb0ef35464da20116b44809efd92a4666435d1a2bd732_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:89403ee27003086a0da369f2087718644bce09eb1571919ce809ea7d6b4e7eeb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b3d595075321c1cebed49970a2b3746d59415ef08fa4d800a8db58ad716638d0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:009f4d31d16d3f0a6f942efa8fa1aec77edc9b6f0aae38503b472c0e6bf6b615_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:1eb7d2e819dd5ca1c2062ce1812361d0fe8390cfeed9cc01a1500b8632bfd8c3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:afa0b44ce77545a1fc105b9d0c8b5f1eef715e2f9491f0075bdad4385208f42c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:f486398c18878a624d12a4d82bf6d72f72447ddbdc5a764a6908674a14efad22_s390x | — |
Workaround
|
A flaw was found in PyJWT, a Python library for JSON Web Token (JWT) implementation. When decoding JWTs, the library fails to validate the use of JSON Web Keys (JWK) in the HMAC algorithm while also supporting asymmetric algorithms. This allows a remote attacker to use the issuer's public key as the secret key for the HMAC algorithm, leading to the ability to forge JWTs. This vulnerability can result in authentication bypass or unauthorized access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:4ac0ffd9db1d6579f0456752f2fca8b686ce1c62578187f4db7c402f0efb89ea_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a5d427872efcf0c350f89cfae291c8ad808f68123eda0b5163496315f04e2779_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c7bf8d54e019c893484b055de7a2b6938152403cfa4b064054c537fb186998de_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:25c740738b3511ae6333ad8f32e6c2eac1d3d4fe2c9eeda241906f0a6a96f708_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9313307979bccd1f9bc732df389f1d6c49159ceb74ef9befbb7ae269afe9f9c1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:e51e41b330d3cf44ef7b5eb1a511096cef98f82495297cd4438693ef2f9a24ef_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c8a83d3757c774e0958472661f268783e17d7d0c7a7e4e19e1d380201c43e0d0_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:09933cf1e12617711f28f19798f355b3c064ab1219179b0692f591f5d1f86b2c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1a36faf3a63c2f367a1524748d9c4a56fb3910c80af4ead41c6c8a73b5b8eab8_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a040e83b9aa90c795751c3163533571c954639fbad350a25f258a3ef2d9669d4_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:da8f01cb4aafaed7f2313329ab905cfd274133fc0b850cda8955d15898245153_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3bf79d70954794dc237f44bbbae4bcec5a5b16fedb3eda79f4f26d3be04c6775_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:65b406622bfd9fadf0d24431277957bafc553d9e7b331f8357c1c7ef8535f0c9_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d353d7214e8bef5f0ee1632da4e6f74bc89495115ab8ce245af5665fefbdb2ea_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:5040540e6ed9126958497b0b12d1d119eb06f445ca0edeb0f823880d5c936567_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:37510942aee22b6321acb0ef35464da20116b44809efd92a4666435d1a2bd732_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:89403ee27003086a0da369f2087718644bce09eb1571919ce809ea7d6b4e7eeb_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b3d595075321c1cebed49970a2b3746d59415ef08fa4d800a8db58ad716638d0_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:009f4d31d16d3f0a6f942efa8fa1aec77edc9b6f0aae38503b472c0e6bf6b615_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:1eb7d2e819dd5ca1c2062ce1812361d0fe8390cfeed9cc01a1500b8632bfd8c3_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:afa0b44ce77545a1fc105b9d0c8b5f1eef715e2f9491f0075bdad4385208f42c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:f486398c18878a624d12a4d82bf6d72f72447ddbdc5a764a6908674a14efad22_s390x | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.10.23 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.10.23",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:33683",
"url": "https://access.redhat.com/errata/RHSA-2026:33683"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-10143",
"url": "https://access.redhat.com/security/cve/CVE-2026-10143"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44432",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44496",
"url": "https://access.redhat.com/security/cve/CVE-2026-44496"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48526",
"url": "https://access.redhat.com/security/cve/CVE-2026-48526"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-6322",
"url": "https://access.redhat.com/security/cve/CVE-2026-6322"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-9277",
"url": "https://access.redhat.com/security/cve/CVE-2026-9277"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_33683.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.10.23",
"tracking": {
"current_release_date": "2026-07-19T17:31:58+00:00",
"generator": {
"date": "2026-07-19T17:31:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.7"
}
},
"id": "RHSA-2026:33683",
"initial_release_date": "2026-06-30T18:09:16+00:00",
"revision_history": [
{
"date": "2026-06-30T18:09:16+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-18T05:32:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-19T17:31:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.1",
"product": {
"name": "Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.10::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:5040540e6ed9126958497b0b12d1d119eb06f445ca0edeb0f823880d5c936567_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:5040540e6ed9126958497b0b12d1d119eb06f445ca0edeb0f823880d5c936567_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:5040540e6ed9126958497b0b12d1d119eb06f445ca0edeb0f823880d5c936567_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A5040540e6ed9126958497b0b12d1d119eb06f445ca0edeb0f823880d5c936567?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-bundle\u0026tag=1782334437"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b3d595075321c1cebed49970a2b3746d59415ef08fa4d800a8db58ad716638d0_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b3d595075321c1cebed49970a2b3746d59415ef08fa4d800a8db58ad716638d0_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b3d595075321c1cebed49970a2b3746d59415ef08fa4d800a8db58ad716638d0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Ab3d595075321c1cebed49970a2b3746d59415ef08fa4d800a8db58ad716638d0?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=1782332130"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c8a83d3757c774e0958472661f268783e17d7d0c7a7e4e19e1d380201c43e0d0_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c8a83d3757c774e0958472661f268783e17d7d0c7a7e4e19e1d380201c43e0d0_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c8a83d3757c774e0958472661f268783e17d7d0c7a7e4e19e1d380201c43e0d0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3Ac8a83d3757c774e0958472661f268783e17d7d0c7a7e4e19e1d380201c43e0d0?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-bundle\u0026tag=1782333017"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a040e83b9aa90c795751c3163533571c954639fbad350a25f258a3ef2d9669d4_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a040e83b9aa90c795751c3163533571c954639fbad350a25f258a3ef2d9669d4_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a040e83b9aa90c795751c3163533571c954639fbad350a25f258a3ef2d9669d4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Aa040e83b9aa90c795751c3163533571c954639fbad350a25f258a3ef2d9669d4?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=1782331379"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:da8f01cb4aafaed7f2313329ab905cfd274133fc0b850cda8955d15898245153_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:da8f01cb4aafaed7f2313329ab905cfd274133fc0b850cda8955d15898245153_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:da8f01cb4aafaed7f2313329ab905cfd274133fc0b850cda8955d15898245153_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Ada8f01cb4aafaed7f2313329ab905cfd274133fc0b850cda8955d15898245153?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=1782332508"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:d353d7214e8bef5f0ee1632da4e6f74bc89495115ab8ce245af5665fefbdb2ea_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:d353d7214e8bef5f0ee1632da4e6f74bc89495115ab8ce245af5665fefbdb2ea_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:d353d7214e8bef5f0ee1632da4e6f74bc89495115ab8ce245af5665fefbdb2ea_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Ad353d7214e8bef5f0ee1632da4e6f74bc89495115ab8ce245af5665fefbdb2ea?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=1781620407"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:e51e41b330d3cf44ef7b5eb1a511096cef98f82495297cd4438693ef2f9a24ef_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:e51e41b330d3cf44ef7b5eb1a511096cef98f82495297cd4438693ef2f9a24ef_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:e51e41b330d3cf44ef7b5eb1a511096cef98f82495297cd4438693ef2f9a24ef_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Ae51e41b330d3cf44ef7b5eb1a511096cef98f82495297cd4438693ef2f9a24ef?arch=amd64\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=1782331561"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:009f4d31d16d3f0a6f942efa8fa1aec77edc9b6f0aae38503b472c0e6bf6b615_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:009f4d31d16d3f0a6f942efa8fa1aec77edc9b6f0aae38503b472c0e6bf6b615_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:009f4d31d16d3f0a6f942efa8fa1aec77edc9b6f0aae38503b472c0e6bf6b615_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3A009f4d31d16d3f0a6f942efa8fa1aec77edc9b6f0aae38503b472c0e6bf6b615?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-bundle\u0026tag=1782492284"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:afa0b44ce77545a1fc105b9d0c8b5f1eef715e2f9491f0075bdad4385208f42c_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:afa0b44ce77545a1fc105b9d0c8b5f1eef715e2f9491f0075bdad4385208f42c_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:afa0b44ce77545a1fc105b9d0c8b5f1eef715e2f9491f0075bdad4385208f42c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Aafa0b44ce77545a1fc105b9d0c8b5f1eef715e2f9491f0075bdad4385208f42c?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=1782331416"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:4ac0ffd9db1d6579f0456752f2fca8b686ce1c62578187f4db7c402f0efb89ea_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:4ac0ffd9db1d6579f0456752f2fca8b686ce1c62578187f4db7c402f0efb89ea_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:4ac0ffd9db1d6579f0456752f2fca8b686ce1c62578187f4db7c402f0efb89ea_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A4ac0ffd9db1d6579f0456752f2fca8b686ce1c62578187f4db7c402f0efb89ea?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=1782487717"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:89403ee27003086a0da369f2087718644bce09eb1571919ce809ea7d6b4e7eeb_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:89403ee27003086a0da369f2087718644bce09eb1571919ce809ea7d6b4e7eeb_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:89403ee27003086a0da369f2087718644bce09eb1571919ce809ea7d6b4e7eeb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A89403ee27003086a0da369f2087718644bce09eb1571919ce809ea7d6b4e7eeb?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=1782332130"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:09933cf1e12617711f28f19798f355b3c064ab1219179b0692f591f5d1f86b2c_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:09933cf1e12617711f28f19798f355b3c064ab1219179b0692f591f5d1f86b2c_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:09933cf1e12617711f28f19798f355b3c064ab1219179b0692f591f5d1f86b2c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A09933cf1e12617711f28f19798f355b3c064ab1219179b0692f591f5d1f86b2c?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=1782331379"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:3bf79d70954794dc237f44bbbae4bcec5a5b16fedb3eda79f4f26d3be04c6775_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:3bf79d70954794dc237f44bbbae4bcec5a5b16fedb3eda79f4f26d3be04c6775_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:3bf79d70954794dc237f44bbbae4bcec5a5b16fedb3eda79f4f26d3be04c6775_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A3bf79d70954794dc237f44bbbae4bcec5a5b16fedb3eda79f4f26d3be04c6775?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=1781620407"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:25c740738b3511ae6333ad8f32e6c2eac1d3d4fe2c9eeda241906f0a6a96f708_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:25c740738b3511ae6333ad8f32e6c2eac1d3d4fe2c9eeda241906f0a6a96f708_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:25c740738b3511ae6333ad8f32e6c2eac1d3d4fe2c9eeda241906f0a6a96f708_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A25c740738b3511ae6333ad8f32e6c2eac1d3d4fe2c9eeda241906f0a6a96f708?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=1782331561"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:1eb7d2e819dd5ca1c2062ce1812361d0fe8390cfeed9cc01a1500b8632bfd8c3_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:1eb7d2e819dd5ca1c2062ce1812361d0fe8390cfeed9cc01a1500b8632bfd8c3_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:1eb7d2e819dd5ca1c2062ce1812361d0fe8390cfeed9cc01a1500b8632bfd8c3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A1eb7d2e819dd5ca1c2062ce1812361d0fe8390cfeed9cc01a1500b8632bfd8c3?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=1782331416"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:a5d427872efcf0c350f89cfae291c8ad808f68123eda0b5163496315f04e2779_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:a5d427872efcf0c350f89cfae291c8ad808f68123eda0b5163496315f04e2779_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:a5d427872efcf0c350f89cfae291c8ad808f68123eda0b5163496315f04e2779_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Aa5d427872efcf0c350f89cfae291c8ad808f68123eda0b5163496315f04e2779?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=1782487717"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:37510942aee22b6321acb0ef35464da20116b44809efd92a4666435d1a2bd732_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:37510942aee22b6321acb0ef35464da20116b44809efd92a4666435d1a2bd732_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:37510942aee22b6321acb0ef35464da20116b44809efd92a4666435d1a2bd732_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A37510942aee22b6321acb0ef35464da20116b44809efd92a4666435d1a2bd732?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=1782332130"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1a36faf3a63c2f367a1524748d9c4a56fb3910c80af4ead41c6c8a73b5b8eab8_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1a36faf3a63c2f367a1524748d9c4a56fb3910c80af4ead41c6c8a73b5b8eab8_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1a36faf3a63c2f367a1524748d9c4a56fb3910c80af4ead41c6c8a73b5b8eab8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A1a36faf3a63c2f367a1524748d9c4a56fb3910c80af4ead41c6c8a73b5b8eab8?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=1782331379"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:65b406622bfd9fadf0d24431277957bafc553d9e7b331f8357c1c7ef8535f0c9_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:65b406622bfd9fadf0d24431277957bafc553d9e7b331f8357c1c7ef8535f0c9_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:65b406622bfd9fadf0d24431277957bafc553d9e7b331f8357c1c7ef8535f0c9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A65b406622bfd9fadf0d24431277957bafc553d9e7b331f8357c1c7ef8535f0c9?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=1781620407"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:9313307979bccd1f9bc732df389f1d6c49159ceb74ef9befbb7ae269afe9f9c1_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:9313307979bccd1f9bc732df389f1d6c49159ceb74ef9befbb7ae269afe9f9c1_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:9313307979bccd1f9bc732df389f1d6c49159ceb74ef9befbb7ae269afe9f9c1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A9313307979bccd1f9bc732df389f1d6c49159ceb74ef9befbb7ae269afe9f9c1?arch=s390x\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=1782331561"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f486398c18878a624d12a4d82bf6d72f72447ddbdc5a764a6908674a14efad22_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f486398c18878a624d12a4d82bf6d72f72447ddbdc5a764a6908674a14efad22_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f486398c18878a624d12a4d82bf6d72f72447ddbdc5a764a6908674a14efad22_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Af486398c18878a624d12a4d82bf6d72f72447ddbdc5a764a6908674a14efad22?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=1782331416"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:c7bf8d54e019c893484b055de7a2b6938152403cfa4b064054c537fb186998de_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:c7bf8d54e019c893484b055de7a2b6938152403cfa4b064054c537fb186998de_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:c7bf8d54e019c893484b055de7a2b6938152403cfa4b064054c537fb186998de_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Ac7bf8d54e019c893484b055de7a2b6938152403cfa4b064054c537fb186998de?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=1782487717"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:25c740738b3511ae6333ad8f32e6c2eac1d3d4fe2c9eeda241906f0a6a96f708_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:25c740738b3511ae6333ad8f32e6c2eac1d3d4fe2c9eeda241906f0a6a96f708_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:25c740738b3511ae6333ad8f32e6c2eac1d3d4fe2c9eeda241906f0a6a96f708_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:9313307979bccd1f9bc732df389f1d6c49159ceb74ef9befbb7ae269afe9f9c1_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9313307979bccd1f9bc732df389f1d6c49159ceb74ef9befbb7ae269afe9f9c1_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:9313307979bccd1f9bc732df389f1d6c49159ceb74ef9befbb7ae269afe9f9c1_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:e51e41b330d3cf44ef7b5eb1a511096cef98f82495297cd4438693ef2f9a24ef_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:e51e41b330d3cf44ef7b5eb1a511096cef98f82495297cd4438693ef2f9a24ef_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:e51e41b330d3cf44ef7b5eb1a511096cef98f82495297cd4438693ef2f9a24ef_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c8a83d3757c774e0958472661f268783e17d7d0c7a7e4e19e1d380201c43e0d0_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c8a83d3757c774e0958472661f268783e17d7d0c7a7e4e19e1d380201c43e0d0_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c8a83d3757c774e0958472661f268783e17d7d0c7a7e4e19e1d380201c43e0d0_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:09933cf1e12617711f28f19798f355b3c064ab1219179b0692f591f5d1f86b2c_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:09933cf1e12617711f28f19798f355b3c064ab1219179b0692f591f5d1f86b2c_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:09933cf1e12617711f28f19798f355b3c064ab1219179b0692f591f5d1f86b2c_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1a36faf3a63c2f367a1524748d9c4a56fb3910c80af4ead41c6c8a73b5b8eab8_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1a36faf3a63c2f367a1524748d9c4a56fb3910c80af4ead41c6c8a73b5b8eab8_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1a36faf3a63c2f367a1524748d9c4a56fb3910c80af4ead41c6c8a73b5b8eab8_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a040e83b9aa90c795751c3163533571c954639fbad350a25f258a3ef2d9669d4_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a040e83b9aa90c795751c3163533571c954639fbad350a25f258a3ef2d9669d4_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a040e83b9aa90c795751c3163533571c954639fbad350a25f258a3ef2d9669d4_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:da8f01cb4aafaed7f2313329ab905cfd274133fc0b850cda8955d15898245153_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:da8f01cb4aafaed7f2313329ab905cfd274133fc0b850cda8955d15898245153_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:da8f01cb4aafaed7f2313329ab905cfd274133fc0b850cda8955d15898245153_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:3bf79d70954794dc237f44bbbae4bcec5a5b16fedb3eda79f4f26d3be04c6775_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3bf79d70954794dc237f44bbbae4bcec5a5b16fedb3eda79f4f26d3be04c6775_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:3bf79d70954794dc237f44bbbae4bcec5a5b16fedb3eda79f4f26d3be04c6775_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:65b406622bfd9fadf0d24431277957bafc553d9e7b331f8357c1c7ef8535f0c9_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:65b406622bfd9fadf0d24431277957bafc553d9e7b331f8357c1c7ef8535f0c9_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:65b406622bfd9fadf0d24431277957bafc553d9e7b331f8357c1c7ef8535f0c9_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:d353d7214e8bef5f0ee1632da4e6f74bc89495115ab8ce245af5665fefbdb2ea_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d353d7214e8bef5f0ee1632da4e6f74bc89495115ab8ce245af5665fefbdb2ea_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:d353d7214e8bef5f0ee1632da4e6f74bc89495115ab8ce245af5665fefbdb2ea_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:5040540e6ed9126958497b0b12d1d119eb06f445ca0edeb0f823880d5c936567_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:5040540e6ed9126958497b0b12d1d119eb06f445ca0edeb0f823880d5c936567_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:5040540e6ed9126958497b0b12d1d119eb06f445ca0edeb0f823880d5c936567_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:37510942aee22b6321acb0ef35464da20116b44809efd92a4666435d1a2bd732_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:37510942aee22b6321acb0ef35464da20116b44809efd92a4666435d1a2bd732_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:37510942aee22b6321acb0ef35464da20116b44809efd92a4666435d1a2bd732_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:89403ee27003086a0da369f2087718644bce09eb1571919ce809ea7d6b4e7eeb_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:89403ee27003086a0da369f2087718644bce09eb1571919ce809ea7d6b4e7eeb_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:89403ee27003086a0da369f2087718644bce09eb1571919ce809ea7d6b4e7eeb_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b3d595075321c1cebed49970a2b3746d59415ef08fa4d800a8db58ad716638d0_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b3d595075321c1cebed49970a2b3746d59415ef08fa4d800a8db58ad716638d0_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b3d595075321c1cebed49970a2b3746d59415ef08fa4d800a8db58ad716638d0_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:009f4d31d16d3f0a6f942efa8fa1aec77edc9b6f0aae38503b472c0e6bf6b615_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:009f4d31d16d3f0a6f942efa8fa1aec77edc9b6f0aae38503b472c0e6bf6b615_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:009f4d31d16d3f0a6f942efa8fa1aec77edc9b6f0aae38503b472c0e6bf6b615_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:1eb7d2e819dd5ca1c2062ce1812361d0fe8390cfeed9cc01a1500b8632bfd8c3_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:1eb7d2e819dd5ca1c2062ce1812361d0fe8390cfeed9cc01a1500b8632bfd8c3_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:1eb7d2e819dd5ca1c2062ce1812361d0fe8390cfeed9cc01a1500b8632bfd8c3_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:afa0b44ce77545a1fc105b9d0c8b5f1eef715e2f9491f0075bdad4385208f42c_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:afa0b44ce77545a1fc105b9d0c8b5f1eef715e2f9491f0075bdad4385208f42c_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:afa0b44ce77545a1fc105b9d0c8b5f1eef715e2f9491f0075bdad4385208f42c_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f486398c18878a624d12a4d82bf6d72f72447ddbdc5a764a6908674a14efad22_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:f486398c18878a624d12a4d82bf6d72f72447ddbdc5a764a6908674a14efad22_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f486398c18878a624d12a4d82bf6d72f72447ddbdc5a764a6908674a14efad22_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:4ac0ffd9db1d6579f0456752f2fca8b686ce1c62578187f4db7c402f0efb89ea_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:4ac0ffd9db1d6579f0456752f2fca8b686ce1c62578187f4db7c402f0efb89ea_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:4ac0ffd9db1d6579f0456752f2fca8b686ce1c62578187f4db7c402f0efb89ea_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:a5d427872efcf0c350f89cfae291c8ad808f68123eda0b5163496315f04e2779_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a5d427872efcf0c350f89cfae291c8ad808f68123eda0b5163496315f04e2779_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:a5d427872efcf0c350f89cfae291c8ad808f68123eda0b5163496315f04e2779_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:c7bf8d54e019c893484b055de7a2b6938152403cfa4b064054c537fb186998de_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c7bf8d54e019c893484b055de7a2b6938152403cfa4b064054c537fb186998de_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:c7bf8d54e019c893484b055de7a2b6938152403cfa4b064054c537fb186998de_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-6322",
"cwe": {
"id": "CWE-140",
"name": "Improper Neutralization of Delimiters"
},
"discovery_date": "2026-05-05T11:01:00.332189+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:25c740738b3511ae6333ad8f32e6c2eac1d3d4fe2c9eeda241906f0a6a96f708_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9313307979bccd1f9bc732df389f1d6c49159ceb74ef9befbb7ae269afe9f9c1_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:e51e41b330d3cf44ef7b5eb1a511096cef98f82495297cd4438693ef2f9a24ef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c8a83d3757c774e0958472661f268783e17d7d0c7a7e4e19e1d380201c43e0d0_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:09933cf1e12617711f28f19798f355b3c064ab1219179b0692f591f5d1f86b2c_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1a36faf3a63c2f367a1524748d9c4a56fb3910c80af4ead41c6c8a73b5b8eab8_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a040e83b9aa90c795751c3163533571c954639fbad350a25f258a3ef2d9669d4_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:da8f01cb4aafaed7f2313329ab905cfd274133fc0b850cda8955d15898245153_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3bf79d70954794dc237f44bbbae4bcec5a5b16fedb3eda79f4f26d3be04c6775_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:65b406622bfd9fadf0d24431277957bafc553d9e7b331f8357c1c7ef8535f0c9_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d353d7214e8bef5f0ee1632da4e6f74bc89495115ab8ce245af5665fefbdb2ea_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:5040540e6ed9126958497b0b12d1d119eb06f445ca0edeb0f823880d5c936567_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:37510942aee22b6321acb0ef35464da20116b44809efd92a4666435d1a2bd732_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:89403ee27003086a0da369f2087718644bce09eb1571919ce809ea7d6b4e7eeb_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b3d595075321c1cebed49970a2b3746d59415ef08fa4d800a8db58ad716638d0_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:009f4d31d16d3f0a6f942efa8fa1aec77edc9b6f0aae38503b472c0e6bf6b615_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:1eb7d2e819dd5ca1c2062ce1812361d0fe8390cfeed9cc01a1500b8632bfd8c3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:afa0b44ce77545a1fc105b9d0c8b5f1eef715e2f9491f0075bdad4385208f42c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:f486398c18878a624d12a4d82bf6d72f72447ddbdc5a764a6908674a14efad22_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466684"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by crafting a malicious Uniform Resource Identifier (URI) that contains percent-encoded authority delimiters. The fast-uri library incorrectly decodes these delimiters during normalization and then re-emits them as raw separators, which can change the URI\u0027s intended authority. This issue allows applications that perform host allowlist checks, redirect validation, or outbound request routing to be steered to a different authority than specified, potentially bypassing security controls.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "fast-uri: fast-uri: URI authority bypass due to improper delimiter handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in the `fast-uri` library allows an attacker to bypass security controls in Red Hat products that process Uniform Resource Identifiers (URIs). By crafting a malicious URI with percent-encoded authority delimiters, an attacker can cause the library to incorrectly interpret the URI\u0027s authority, potentially redirecting applications to an unintended domain. This could lead to a bypass of host allowlist checks, redirect validation, or outbound request routing.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:4ac0ffd9db1d6579f0456752f2fca8b686ce1c62578187f4db7c402f0efb89ea_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a5d427872efcf0c350f89cfae291c8ad808f68123eda0b5163496315f04e2779_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c7bf8d54e019c893484b055de7a2b6938152403cfa4b064054c537fb186998de_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:25c740738b3511ae6333ad8f32e6c2eac1d3d4fe2c9eeda241906f0a6a96f708_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9313307979bccd1f9bc732df389f1d6c49159ceb74ef9befbb7ae269afe9f9c1_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:e51e41b330d3cf44ef7b5eb1a511096cef98f82495297cd4438693ef2f9a24ef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c8a83d3757c774e0958472661f268783e17d7d0c7a7e4e19e1d380201c43e0d0_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:09933cf1e12617711f28f19798f355b3c064ab1219179b0692f591f5d1f86b2c_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1a36faf3a63c2f367a1524748d9c4a56fb3910c80af4ead41c6c8a73b5b8eab8_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a040e83b9aa90c795751c3163533571c954639fbad350a25f258a3ef2d9669d4_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:da8f01cb4aafaed7f2313329ab905cfd274133fc0b850cda8955d15898245153_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3bf79d70954794dc237f44bbbae4bcec5a5b16fedb3eda79f4f26d3be04c6775_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:65b406622bfd9fadf0d24431277957bafc553d9e7b331f8357c1c7ef8535f0c9_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d353d7214e8bef5f0ee1632da4e6f74bc89495115ab8ce245af5665fefbdb2ea_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:5040540e6ed9126958497b0b12d1d119eb06f445ca0edeb0f823880d5c936567_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:37510942aee22b6321acb0ef35464da20116b44809efd92a4666435d1a2bd732_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:89403ee27003086a0da369f2087718644bce09eb1571919ce809ea7d6b4e7eeb_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b3d595075321c1cebed49970a2b3746d59415ef08fa4d800a8db58ad716638d0_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:009f4d31d16d3f0a6f942efa8fa1aec77edc9b6f0aae38503b472c0e6bf6b615_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:1eb7d2e819dd5ca1c2062ce1812361d0fe8390cfeed9cc01a1500b8632bfd8c3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:afa0b44ce77545a1fc105b9d0c8b5f1eef715e2f9491f0075bdad4385208f42c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:f486398c18878a624d12a4d82bf6d72f72447ddbdc5a764a6908674a14efad22_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6322"
},
{
"category": "external",
"summary": "RHBZ#2466684",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466684"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6322",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6322"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6322",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6322"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc",
"url": "https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc"
}
],
"release_date": "2026-05-05T10:29:16.378000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T18:09:16+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:4ac0ffd9db1d6579f0456752f2fca8b686ce1c62578187f4db7c402f0efb89ea_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a5d427872efcf0c350f89cfae291c8ad808f68123eda0b5163496315f04e2779_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c7bf8d54e019c893484b055de7a2b6938152403cfa4b064054c537fb186998de_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33683"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:25c740738b3511ae6333ad8f32e6c2eac1d3d4fe2c9eeda241906f0a6a96f708_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9313307979bccd1f9bc732df389f1d6c49159ceb74ef9befbb7ae269afe9f9c1_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:e51e41b330d3cf44ef7b5eb1a511096cef98f82495297cd4438693ef2f9a24ef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c8a83d3757c774e0958472661f268783e17d7d0c7a7e4e19e1d380201c43e0d0_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:09933cf1e12617711f28f19798f355b3c064ab1219179b0692f591f5d1f86b2c_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1a36faf3a63c2f367a1524748d9c4a56fb3910c80af4ead41c6c8a73b5b8eab8_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a040e83b9aa90c795751c3163533571c954639fbad350a25f258a3ef2d9669d4_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:da8f01cb4aafaed7f2313329ab905cfd274133fc0b850cda8955d15898245153_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3bf79d70954794dc237f44bbbae4bcec5a5b16fedb3eda79f4f26d3be04c6775_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:65b406622bfd9fadf0d24431277957bafc553d9e7b331f8357c1c7ef8535f0c9_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d353d7214e8bef5f0ee1632da4e6f74bc89495115ab8ce245af5665fefbdb2ea_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:5040540e6ed9126958497b0b12d1d119eb06f445ca0edeb0f823880d5c936567_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:37510942aee22b6321acb0ef35464da20116b44809efd92a4666435d1a2bd732_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:89403ee27003086a0da369f2087718644bce09eb1571919ce809ea7d6b4e7eeb_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b3d595075321c1cebed49970a2b3746d59415ef08fa4d800a8db58ad716638d0_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:009f4d31d16d3f0a6f942efa8fa1aec77edc9b6f0aae38503b472c0e6bf6b615_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:1eb7d2e819dd5ca1c2062ce1812361d0fe8390cfeed9cc01a1500b8632bfd8c3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:afa0b44ce77545a1fc105b9d0c8b5f1eef715e2f9491f0075bdad4385208f42c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:f486398c18878a624d12a4d82bf6d72f72447ddbdc5a764a6908674a14efad22_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:4ac0ffd9db1d6579f0456752f2fca8b686ce1c62578187f4db7c402f0efb89ea_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a5d427872efcf0c350f89cfae291c8ad808f68123eda0b5163496315f04e2779_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c7bf8d54e019c893484b055de7a2b6938152403cfa4b064054c537fb186998de_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "fast-uri: fast-uri: URI authority bypass due to improper delimiter handling"
},
{
"cve": "CVE-2026-9277",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-05-22T14:01:14.427751+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:25c740738b3511ae6333ad8f32e6c2eac1d3d4fe2c9eeda241906f0a6a96f708_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9313307979bccd1f9bc732df389f1d6c49159ceb74ef9befbb7ae269afe9f9c1_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:e51e41b330d3cf44ef7b5eb1a511096cef98f82495297cd4438693ef2f9a24ef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c8a83d3757c774e0958472661f268783e17d7d0c7a7e4e19e1d380201c43e0d0_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:09933cf1e12617711f28f19798f355b3c064ab1219179b0692f591f5d1f86b2c_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1a36faf3a63c2f367a1524748d9c4a56fb3910c80af4ead41c6c8a73b5b8eab8_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a040e83b9aa90c795751c3163533571c954639fbad350a25f258a3ef2d9669d4_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:da8f01cb4aafaed7f2313329ab905cfd274133fc0b850cda8955d15898245153_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3bf79d70954794dc237f44bbbae4bcec5a5b16fedb3eda79f4f26d3be04c6775_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:65b406622bfd9fadf0d24431277957bafc553d9e7b331f8357c1c7ef8535f0c9_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d353d7214e8bef5f0ee1632da4e6f74bc89495115ab8ce245af5665fefbdb2ea_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:5040540e6ed9126958497b0b12d1d119eb06f445ca0edeb0f823880d5c936567_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:37510942aee22b6321acb0ef35464da20116b44809efd92a4666435d1a2bd732_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:89403ee27003086a0da369f2087718644bce09eb1571919ce809ea7d6b4e7eeb_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b3d595075321c1cebed49970a2b3746d59415ef08fa4d800a8db58ad716638d0_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:009f4d31d16d3f0a6f942efa8fa1aec77edc9b6f0aae38503b472c0e6bf6b615_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:1eb7d2e819dd5ca1c2062ce1812361d0fe8390cfeed9cc01a1500b8632bfd8c3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:afa0b44ce77545a1fc105b9d0c8b5f1eef715e2f9491f0075bdad4385208f42c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:f486398c18878a624d12a4d82bf6d72f72447ddbdc5a764a6908674a14efad22_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480741"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the shell-quote component. The quote() function did not properly validate object-token inputs, allowing line terminators to pass unescaped into the output. A remote attacker could exploit this vulnerability by providing specially crafted input, which a POSIX shell would interpret as a command separator. This could lead to command injection, enabling the attacker to execute arbitrary code on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "shell-quote: shell-quote: Arbitrary code execution via command injection due to unescaped line terminators",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:4ac0ffd9db1d6579f0456752f2fca8b686ce1c62578187f4db7c402f0efb89ea_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a5d427872efcf0c350f89cfae291c8ad808f68123eda0b5163496315f04e2779_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c7bf8d54e019c893484b055de7a2b6938152403cfa4b064054c537fb186998de_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:25c740738b3511ae6333ad8f32e6c2eac1d3d4fe2c9eeda241906f0a6a96f708_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9313307979bccd1f9bc732df389f1d6c49159ceb74ef9befbb7ae269afe9f9c1_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:e51e41b330d3cf44ef7b5eb1a511096cef98f82495297cd4438693ef2f9a24ef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c8a83d3757c774e0958472661f268783e17d7d0c7a7e4e19e1d380201c43e0d0_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:09933cf1e12617711f28f19798f355b3c064ab1219179b0692f591f5d1f86b2c_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1a36faf3a63c2f367a1524748d9c4a56fb3910c80af4ead41c6c8a73b5b8eab8_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a040e83b9aa90c795751c3163533571c954639fbad350a25f258a3ef2d9669d4_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:da8f01cb4aafaed7f2313329ab905cfd274133fc0b850cda8955d15898245153_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3bf79d70954794dc237f44bbbae4bcec5a5b16fedb3eda79f4f26d3be04c6775_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:65b406622bfd9fadf0d24431277957bafc553d9e7b331f8357c1c7ef8535f0c9_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d353d7214e8bef5f0ee1632da4e6f74bc89495115ab8ce245af5665fefbdb2ea_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:5040540e6ed9126958497b0b12d1d119eb06f445ca0edeb0f823880d5c936567_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:37510942aee22b6321acb0ef35464da20116b44809efd92a4666435d1a2bd732_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:89403ee27003086a0da369f2087718644bce09eb1571919ce809ea7d6b4e7eeb_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b3d595075321c1cebed49970a2b3746d59415ef08fa4d800a8db58ad716638d0_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:009f4d31d16d3f0a6f942efa8fa1aec77edc9b6f0aae38503b472c0e6bf6b615_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:1eb7d2e819dd5ca1c2062ce1812361d0fe8390cfeed9cc01a1500b8632bfd8c3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:afa0b44ce77545a1fc105b9d0c8b5f1eef715e2f9491f0075bdad4385208f42c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:f486398c18878a624d12a4d82bf6d72f72447ddbdc5a764a6908674a14efad22_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9277"
},
{
"category": "external",
"summary": "RHBZ#2480741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9277",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9277"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9277",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9277"
},
{
"category": "external",
"summary": "https://github.com/ljharb/shell-quote",
"url": "https://github.com/ljharb/shell-quote"
},
{
"category": "external",
"summary": "https://github.com/ljharb/shell-quote/commit/1518179",
"url": "https://github.com/ljharb/shell-quote/commit/1518179"
},
{
"category": "external",
"summary": "https://github.com/ljharb/shell-quote/security/advisories/GHSA-w7jw-789q-3m8p",
"url": "https://github.com/ljharb/shell-quote/security/advisories/GHSA-w7jw-789q-3m8p"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/shell-quote",
"url": "https://www.npmjs.com/package/shell-quote"
}
],
"release_date": "2026-05-22T13:22:38.873000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T18:09:16+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:4ac0ffd9db1d6579f0456752f2fca8b686ce1c62578187f4db7c402f0efb89ea_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a5d427872efcf0c350f89cfae291c8ad808f68123eda0b5163496315f04e2779_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c7bf8d54e019c893484b055de7a2b6938152403cfa4b064054c537fb186998de_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33683"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:25c740738b3511ae6333ad8f32e6c2eac1d3d4fe2c9eeda241906f0a6a96f708_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9313307979bccd1f9bc732df389f1d6c49159ceb74ef9befbb7ae269afe9f9c1_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:e51e41b330d3cf44ef7b5eb1a511096cef98f82495297cd4438693ef2f9a24ef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c8a83d3757c774e0958472661f268783e17d7d0c7a7e4e19e1d380201c43e0d0_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:09933cf1e12617711f28f19798f355b3c064ab1219179b0692f591f5d1f86b2c_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1a36faf3a63c2f367a1524748d9c4a56fb3910c80af4ead41c6c8a73b5b8eab8_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a040e83b9aa90c795751c3163533571c954639fbad350a25f258a3ef2d9669d4_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:da8f01cb4aafaed7f2313329ab905cfd274133fc0b850cda8955d15898245153_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3bf79d70954794dc237f44bbbae4bcec5a5b16fedb3eda79f4f26d3be04c6775_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:65b406622bfd9fadf0d24431277957bafc553d9e7b331f8357c1c7ef8535f0c9_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d353d7214e8bef5f0ee1632da4e6f74bc89495115ab8ce245af5665fefbdb2ea_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:5040540e6ed9126958497b0b12d1d119eb06f445ca0edeb0f823880d5c936567_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:37510942aee22b6321acb0ef35464da20116b44809efd92a4666435d1a2bd732_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:89403ee27003086a0da369f2087718644bce09eb1571919ce809ea7d6b4e7eeb_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b3d595075321c1cebed49970a2b3746d59415ef08fa4d800a8db58ad716638d0_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:009f4d31d16d3f0a6f942efa8fa1aec77edc9b6f0aae38503b472c0e6bf6b615_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:1eb7d2e819dd5ca1c2062ce1812361d0fe8390cfeed9cc01a1500b8632bfd8c3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:afa0b44ce77545a1fc105b9d0c8b5f1eef715e2f9491f0075bdad4385208f42c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:f486398c18878a624d12a4d82bf6d72f72447ddbdc5a764a6908674a14efad22_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:4ac0ffd9db1d6579f0456752f2fca8b686ce1c62578187f4db7c402f0efb89ea_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a5d427872efcf0c350f89cfae291c8ad808f68123eda0b5163496315f04e2779_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c7bf8d54e019c893484b055de7a2b6938152403cfa4b064054c537fb186998de_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "shell-quote: shell-quote: Arbitrary code execution via command injection due to unescaped line terminators"
},
{
"cve": "CVE-2026-10143",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-06-10T21:02:14.712750+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:25c740738b3511ae6333ad8f32e6c2eac1d3d4fe2c9eeda241906f0a6a96f708_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9313307979bccd1f9bc732df389f1d6c49159ceb74ef9befbb7ae269afe9f9c1_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:e51e41b330d3cf44ef7b5eb1a511096cef98f82495297cd4438693ef2f9a24ef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c8a83d3757c774e0958472661f268783e17d7d0c7a7e4e19e1d380201c43e0d0_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:09933cf1e12617711f28f19798f355b3c064ab1219179b0692f591f5d1f86b2c_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1a36faf3a63c2f367a1524748d9c4a56fb3910c80af4ead41c6c8a73b5b8eab8_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a040e83b9aa90c795751c3163533571c954639fbad350a25f258a3ef2d9669d4_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:da8f01cb4aafaed7f2313329ab905cfd274133fc0b850cda8955d15898245153_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3bf79d70954794dc237f44bbbae4bcec5a5b16fedb3eda79f4f26d3be04c6775_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:65b406622bfd9fadf0d24431277957bafc553d9e7b331f8357c1c7ef8535f0c9_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d353d7214e8bef5f0ee1632da4e6f74bc89495115ab8ce245af5665fefbdb2ea_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:5040540e6ed9126958497b0b12d1d119eb06f445ca0edeb0f823880d5c936567_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:37510942aee22b6321acb0ef35464da20116b44809efd92a4666435d1a2bd732_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:89403ee27003086a0da369f2087718644bce09eb1571919ce809ea7d6b4e7eeb_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b3d595075321c1cebed49970a2b3746d59415ef08fa4d800a8db58ad716638d0_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:009f4d31d16d3f0a6f942efa8fa1aec77edc9b6f0aae38503b472c0e6bf6b615_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:1eb7d2e819dd5ca1c2062ce1812361d0fe8390cfeed9cc01a1500b8632bfd8c3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:afa0b44ce77545a1fc105b9d0c8b5f1eef715e2f9491f0075bdad4385208f42c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:f486398c18878a624d12a4d82bf6d72f72447ddbdc5a764a6908674a14efad22_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487722"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in kafka-python. A malicious or machine-in-the-middle broker could exploit a denial-of-service vulnerability during SCRAM authentication. By providing an excessively large iteration count, the broker can cause the client\u0027s event loop to freeze. This prevents critical operations such as sending messages, polling for new messages, and maintaining heartbeats, ultimately leading to consumer group eviction and persistent connection failures.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kafka-python: kafka-python: Denial of Service via excessive SCRAM authentication iteration count",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:4ac0ffd9db1d6579f0456752f2fca8b686ce1c62578187f4db7c402f0efb89ea_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a5d427872efcf0c350f89cfae291c8ad808f68123eda0b5163496315f04e2779_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c7bf8d54e019c893484b055de7a2b6938152403cfa4b064054c537fb186998de_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:25c740738b3511ae6333ad8f32e6c2eac1d3d4fe2c9eeda241906f0a6a96f708_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9313307979bccd1f9bc732df389f1d6c49159ceb74ef9befbb7ae269afe9f9c1_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:e51e41b330d3cf44ef7b5eb1a511096cef98f82495297cd4438693ef2f9a24ef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c8a83d3757c774e0958472661f268783e17d7d0c7a7e4e19e1d380201c43e0d0_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:09933cf1e12617711f28f19798f355b3c064ab1219179b0692f591f5d1f86b2c_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1a36faf3a63c2f367a1524748d9c4a56fb3910c80af4ead41c6c8a73b5b8eab8_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a040e83b9aa90c795751c3163533571c954639fbad350a25f258a3ef2d9669d4_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:da8f01cb4aafaed7f2313329ab905cfd274133fc0b850cda8955d15898245153_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3bf79d70954794dc237f44bbbae4bcec5a5b16fedb3eda79f4f26d3be04c6775_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:65b406622bfd9fadf0d24431277957bafc553d9e7b331f8357c1c7ef8535f0c9_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d353d7214e8bef5f0ee1632da4e6f74bc89495115ab8ce245af5665fefbdb2ea_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:5040540e6ed9126958497b0b12d1d119eb06f445ca0edeb0f823880d5c936567_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:37510942aee22b6321acb0ef35464da20116b44809efd92a4666435d1a2bd732_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:89403ee27003086a0da369f2087718644bce09eb1571919ce809ea7d6b4e7eeb_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b3d595075321c1cebed49970a2b3746d59415ef08fa4d800a8db58ad716638d0_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:009f4d31d16d3f0a6f942efa8fa1aec77edc9b6f0aae38503b472c0e6bf6b615_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:1eb7d2e819dd5ca1c2062ce1812361d0fe8390cfeed9cc01a1500b8632bfd8c3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:afa0b44ce77545a1fc105b9d0c8b5f1eef715e2f9491f0075bdad4385208f42c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:f486398c18878a624d12a4d82bf6d72f72447ddbdc5a764a6908674a14efad22_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-10143"
},
{
"category": "external",
"summary": "RHBZ#2487722",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487722"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-10143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-10143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-10143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10143"
},
{
"category": "external",
"summary": "https://github.com/dpkp/kafka-python/commit/6e4831444f972d169cdd11f5c8d50333cea3f19b",
"url": "https://github.com/dpkp/kafka-python/commit/6e4831444f972d169cdd11f5c8d50333cea3f19b"
},
{
"category": "external",
"summary": "https://github.com/dpkp/kafka-python/pull/3019",
"url": "https://github.com/dpkp/kafka-python/pull/3019"
},
{
"category": "external",
"summary": "https://github.com/dpkp/kafka-python/pull/3026",
"url": "https://github.com/dpkp/kafka-python/pull/3026"
},
{
"category": "external",
"summary": "https://www.vulncheck.com/advisories/kafka-python-prior-to-dos-via-scram-iteration-count-in-scram-py",
"url": "https://www.vulncheck.com/advisories/kafka-python-prior-to-dos-via-scram-iteration-count-in-scram-py"
}
],
"release_date": "2026-06-10T20:22:39.262000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T18:09:16+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:4ac0ffd9db1d6579f0456752f2fca8b686ce1c62578187f4db7c402f0efb89ea_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a5d427872efcf0c350f89cfae291c8ad808f68123eda0b5163496315f04e2779_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c7bf8d54e019c893484b055de7a2b6938152403cfa4b064054c537fb186998de_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33683"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:25c740738b3511ae6333ad8f32e6c2eac1d3d4fe2c9eeda241906f0a6a96f708_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9313307979bccd1f9bc732df389f1d6c49159ceb74ef9befbb7ae269afe9f9c1_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:e51e41b330d3cf44ef7b5eb1a511096cef98f82495297cd4438693ef2f9a24ef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c8a83d3757c774e0958472661f268783e17d7d0c7a7e4e19e1d380201c43e0d0_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:09933cf1e12617711f28f19798f355b3c064ab1219179b0692f591f5d1f86b2c_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1a36faf3a63c2f367a1524748d9c4a56fb3910c80af4ead41c6c8a73b5b8eab8_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a040e83b9aa90c795751c3163533571c954639fbad350a25f258a3ef2d9669d4_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:da8f01cb4aafaed7f2313329ab905cfd274133fc0b850cda8955d15898245153_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3bf79d70954794dc237f44bbbae4bcec5a5b16fedb3eda79f4f26d3be04c6775_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:65b406622bfd9fadf0d24431277957bafc553d9e7b331f8357c1c7ef8535f0c9_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d353d7214e8bef5f0ee1632da4e6f74bc89495115ab8ce245af5665fefbdb2ea_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:5040540e6ed9126958497b0b12d1d119eb06f445ca0edeb0f823880d5c936567_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:37510942aee22b6321acb0ef35464da20116b44809efd92a4666435d1a2bd732_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:89403ee27003086a0da369f2087718644bce09eb1571919ce809ea7d6b4e7eeb_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b3d595075321c1cebed49970a2b3746d59415ef08fa4d800a8db58ad716638d0_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:009f4d31d16d3f0a6f942efa8fa1aec77edc9b6f0aae38503b472c0e6bf6b615_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:1eb7d2e819dd5ca1c2062ce1812361d0fe8390cfeed9cc01a1500b8632bfd8c3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:afa0b44ce77545a1fc105b9d0c8b5f1eef715e2f9491f0075bdad4385208f42c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:f486398c18878a624d12a4d82bf6d72f72447ddbdc5a764a6908674a14efad22_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:4ac0ffd9db1d6579f0456752f2fca8b686ce1c62578187f4db7c402f0efb89ea_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a5d427872efcf0c350f89cfae291c8ad808f68123eda0b5163496315f04e2779_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c7bf8d54e019c893484b055de7a2b6938152403cfa4b064054c537fb186998de_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:25c740738b3511ae6333ad8f32e6c2eac1d3d4fe2c9eeda241906f0a6a96f708_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9313307979bccd1f9bc732df389f1d6c49159ceb74ef9befbb7ae269afe9f9c1_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:e51e41b330d3cf44ef7b5eb1a511096cef98f82495297cd4438693ef2f9a24ef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c8a83d3757c774e0958472661f268783e17d7d0c7a7e4e19e1d380201c43e0d0_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:09933cf1e12617711f28f19798f355b3c064ab1219179b0692f591f5d1f86b2c_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1a36faf3a63c2f367a1524748d9c4a56fb3910c80af4ead41c6c8a73b5b8eab8_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a040e83b9aa90c795751c3163533571c954639fbad350a25f258a3ef2d9669d4_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:da8f01cb4aafaed7f2313329ab905cfd274133fc0b850cda8955d15898245153_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3bf79d70954794dc237f44bbbae4bcec5a5b16fedb3eda79f4f26d3be04c6775_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:65b406622bfd9fadf0d24431277957bafc553d9e7b331f8357c1c7ef8535f0c9_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d353d7214e8bef5f0ee1632da4e6f74bc89495115ab8ce245af5665fefbdb2ea_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:5040540e6ed9126958497b0b12d1d119eb06f445ca0edeb0f823880d5c936567_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:37510942aee22b6321acb0ef35464da20116b44809efd92a4666435d1a2bd732_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:89403ee27003086a0da369f2087718644bce09eb1571919ce809ea7d6b4e7eeb_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b3d595075321c1cebed49970a2b3746d59415ef08fa4d800a8db58ad716638d0_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:009f4d31d16d3f0a6f942efa8fa1aec77edc9b6f0aae38503b472c0e6bf6b615_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:1eb7d2e819dd5ca1c2062ce1812361d0fe8390cfeed9cc01a1500b8632bfd8c3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:afa0b44ce77545a1fc105b9d0c8b5f1eef715e2f9491f0075bdad4385208f42c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:f486398c18878a624d12a4d82bf6d72f72447ddbdc5a764a6908674a14efad22_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:4ac0ffd9db1d6579f0456752f2fca8b686ce1c62578187f4db7c402f0efb89ea_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a5d427872efcf0c350f89cfae291c8ad808f68123eda0b5163496315f04e2779_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c7bf8d54e019c893484b055de7a2b6938152403cfa4b064054c537fb186998de_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kafka-python: kafka-python: Denial of Service via excessive SCRAM authentication iteration count"
},
{
"cve": "CVE-2026-44432",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-05-13T17:01:01.083841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:25c740738b3511ae6333ad8f32e6c2eac1d3d4fe2c9eeda241906f0a6a96f708_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9313307979bccd1f9bc732df389f1d6c49159ceb74ef9befbb7ae269afe9f9c1_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:e51e41b330d3cf44ef7b5eb1a511096cef98f82495297cd4438693ef2f9a24ef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c8a83d3757c774e0958472661f268783e17d7d0c7a7e4e19e1d380201c43e0d0_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:09933cf1e12617711f28f19798f355b3c064ab1219179b0692f591f5d1f86b2c_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1a36faf3a63c2f367a1524748d9c4a56fb3910c80af4ead41c6c8a73b5b8eab8_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a040e83b9aa90c795751c3163533571c954639fbad350a25f258a3ef2d9669d4_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:da8f01cb4aafaed7f2313329ab905cfd274133fc0b850cda8955d15898245153_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3bf79d70954794dc237f44bbbae4bcec5a5b16fedb3eda79f4f26d3be04c6775_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:65b406622bfd9fadf0d24431277957bafc553d9e7b331f8357c1c7ef8535f0c9_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d353d7214e8bef5f0ee1632da4e6f74bc89495115ab8ce245af5665fefbdb2ea_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:5040540e6ed9126958497b0b12d1d119eb06f445ca0edeb0f823880d5c936567_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:37510942aee22b6321acb0ef35464da20116b44809efd92a4666435d1a2bd732_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:89403ee27003086a0da369f2087718644bce09eb1571919ce809ea7d6b4e7eeb_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b3d595075321c1cebed49970a2b3746d59415ef08fa4d800a8db58ad716638d0_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:009f4d31d16d3f0a6f942efa8fa1aec77edc9b6f0aae38503b472c0e6bf6b615_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:1eb7d2e819dd5ca1c2062ce1812361d0fe8390cfeed9cc01a1500b8632bfd8c3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:afa0b44ce77545a1fc105b9d0c8b5f1eef715e2f9491f0075bdad4385208f42c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:f486398c18878a624d12a4d82bf6d72f72447ddbdc5a764a6908674a14efad22_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:4ac0ffd9db1d6579f0456752f2fca8b686ce1c62578187f4db7c402f0efb89ea_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a5d427872efcf0c350f89cfae291c8ad808f68123eda0b5163496315f04e2779_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c7bf8d54e019c893484b055de7a2b6938152403cfa4b064054c537fb186998de_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:25c740738b3511ae6333ad8f32e6c2eac1d3d4fe2c9eeda241906f0a6a96f708_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9313307979bccd1f9bc732df389f1d6c49159ceb74ef9befbb7ae269afe9f9c1_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:e51e41b330d3cf44ef7b5eb1a511096cef98f82495297cd4438693ef2f9a24ef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c8a83d3757c774e0958472661f268783e17d7d0c7a7e4e19e1d380201c43e0d0_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:09933cf1e12617711f28f19798f355b3c064ab1219179b0692f591f5d1f86b2c_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1a36faf3a63c2f367a1524748d9c4a56fb3910c80af4ead41c6c8a73b5b8eab8_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a040e83b9aa90c795751c3163533571c954639fbad350a25f258a3ef2d9669d4_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:da8f01cb4aafaed7f2313329ab905cfd274133fc0b850cda8955d15898245153_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3bf79d70954794dc237f44bbbae4bcec5a5b16fedb3eda79f4f26d3be04c6775_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:65b406622bfd9fadf0d24431277957bafc553d9e7b331f8357c1c7ef8535f0c9_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d353d7214e8bef5f0ee1632da4e6f74bc89495115ab8ce245af5665fefbdb2ea_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:5040540e6ed9126958497b0b12d1d119eb06f445ca0edeb0f823880d5c936567_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:37510942aee22b6321acb0ef35464da20116b44809efd92a4666435d1a2bd732_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:89403ee27003086a0da369f2087718644bce09eb1571919ce809ea7d6b4e7eeb_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b3d595075321c1cebed49970a2b3746d59415ef08fa4d800a8db58ad716638d0_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:009f4d31d16d3f0a6f942efa8fa1aec77edc9b6f0aae38503b472c0e6bf6b615_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:1eb7d2e819dd5ca1c2062ce1812361d0fe8390cfeed9cc01a1500b8632bfd8c3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:afa0b44ce77545a1fc105b9d0c8b5f1eef715e2f9491f0075bdad4385208f42c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:f486398c18878a624d12a4d82bf6d72f72447ddbdc5a764a6908674a14efad22_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "RHBZ#2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"release_date": "2026-05-13T15:17:12.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T18:09:16+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:4ac0ffd9db1d6579f0456752f2fca8b686ce1c62578187f4db7c402f0efb89ea_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a5d427872efcf0c350f89cfae291c8ad808f68123eda0b5163496315f04e2779_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c7bf8d54e019c893484b055de7a2b6938152403cfa4b064054c537fb186998de_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33683"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:25c740738b3511ae6333ad8f32e6c2eac1d3d4fe2c9eeda241906f0a6a96f708_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9313307979bccd1f9bc732df389f1d6c49159ceb74ef9befbb7ae269afe9f9c1_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:e51e41b330d3cf44ef7b5eb1a511096cef98f82495297cd4438693ef2f9a24ef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c8a83d3757c774e0958472661f268783e17d7d0c7a7e4e19e1d380201c43e0d0_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:09933cf1e12617711f28f19798f355b3c064ab1219179b0692f591f5d1f86b2c_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1a36faf3a63c2f367a1524748d9c4a56fb3910c80af4ead41c6c8a73b5b8eab8_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a040e83b9aa90c795751c3163533571c954639fbad350a25f258a3ef2d9669d4_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:da8f01cb4aafaed7f2313329ab905cfd274133fc0b850cda8955d15898245153_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3bf79d70954794dc237f44bbbae4bcec5a5b16fedb3eda79f4f26d3be04c6775_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:65b406622bfd9fadf0d24431277957bafc553d9e7b331f8357c1c7ef8535f0c9_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d353d7214e8bef5f0ee1632da4e6f74bc89495115ab8ce245af5665fefbdb2ea_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:5040540e6ed9126958497b0b12d1d119eb06f445ca0edeb0f823880d5c936567_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:37510942aee22b6321acb0ef35464da20116b44809efd92a4666435d1a2bd732_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:89403ee27003086a0da369f2087718644bce09eb1571919ce809ea7d6b4e7eeb_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b3d595075321c1cebed49970a2b3746d59415ef08fa4d800a8db58ad716638d0_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:009f4d31d16d3f0a6f942efa8fa1aec77edc9b6f0aae38503b472c0e6bf6b615_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:1eb7d2e819dd5ca1c2062ce1812361d0fe8390cfeed9cc01a1500b8632bfd8c3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:afa0b44ce77545a1fc105b9d0c8b5f1eef715e2f9491f0075bdad4385208f42c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:f486398c18878a624d12a4d82bf6d72f72447ddbdc5a764a6908674a14efad22_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:4ac0ffd9db1d6579f0456752f2fca8b686ce1c62578187f4db7c402f0efb89ea_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a5d427872efcf0c350f89cfae291c8ad808f68123eda0b5163496315f04e2779_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c7bf8d54e019c893484b055de7a2b6938152403cfa4b064054c537fb186998de_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
},
{
"cve": "CVE-2026-44496",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-06-11T17:01:15.856386+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:25c740738b3511ae6333ad8f32e6c2eac1d3d4fe2c9eeda241906f0a6a96f708_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9313307979bccd1f9bc732df389f1d6c49159ceb74ef9befbb7ae269afe9f9c1_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:e51e41b330d3cf44ef7b5eb1a511096cef98f82495297cd4438693ef2f9a24ef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c8a83d3757c774e0958472661f268783e17d7d0c7a7e4e19e1d380201c43e0d0_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:09933cf1e12617711f28f19798f355b3c064ab1219179b0692f591f5d1f86b2c_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1a36faf3a63c2f367a1524748d9c4a56fb3910c80af4ead41c6c8a73b5b8eab8_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a040e83b9aa90c795751c3163533571c954639fbad350a25f258a3ef2d9669d4_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:da8f01cb4aafaed7f2313329ab905cfd274133fc0b850cda8955d15898245153_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3bf79d70954794dc237f44bbbae4bcec5a5b16fedb3eda79f4f26d3be04c6775_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:65b406622bfd9fadf0d24431277957bafc553d9e7b331f8357c1c7ef8535f0c9_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d353d7214e8bef5f0ee1632da4e6f74bc89495115ab8ce245af5665fefbdb2ea_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:5040540e6ed9126958497b0b12d1d119eb06f445ca0edeb0f823880d5c936567_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:37510942aee22b6321acb0ef35464da20116b44809efd92a4666435d1a2bd732_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:89403ee27003086a0da369f2087718644bce09eb1571919ce809ea7d6b4e7eeb_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b3d595075321c1cebed49970a2b3746d59415ef08fa4d800a8db58ad716638d0_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:009f4d31d16d3f0a6f942efa8fa1aec77edc9b6f0aae38503b472c0e6bf6b615_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:1eb7d2e819dd5ca1c2062ce1812361d0fe8390cfeed9cc01a1500b8632bfd8c3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:afa0b44ce77545a1fc105b9d0c8b5f1eef715e2f9491f0075bdad4385208f42c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:f486398c18878a624d12a4d82bf6d72f72447ddbdc5a764a6908674a14efad22_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487943"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. A remote attacker, by influencing the XSRF cookie name in a browser environment, could cause the application to construct a regular expression that leads to excessive processing. This can result in a client-side Denial of Service (DoS), where the affected browser tab may freeze, impacting the availability of the application for the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in Axios can lead to a client-side Denial of Service. An attacker capable of influencing the XSRF cookie name within a browser environment could trigger excessive regular expression processing, causing the affected browser tab to freeze and degrade user availability. This issue specifically impacts browser-based applications and does not affect Node.js HTTP adapter usage, React Native, or web workers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:4ac0ffd9db1d6579f0456752f2fca8b686ce1c62578187f4db7c402f0efb89ea_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a5d427872efcf0c350f89cfae291c8ad808f68123eda0b5163496315f04e2779_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c7bf8d54e019c893484b055de7a2b6938152403cfa4b064054c537fb186998de_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:25c740738b3511ae6333ad8f32e6c2eac1d3d4fe2c9eeda241906f0a6a96f708_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9313307979bccd1f9bc732df389f1d6c49159ceb74ef9befbb7ae269afe9f9c1_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:e51e41b330d3cf44ef7b5eb1a511096cef98f82495297cd4438693ef2f9a24ef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c8a83d3757c774e0958472661f268783e17d7d0c7a7e4e19e1d380201c43e0d0_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:09933cf1e12617711f28f19798f355b3c064ab1219179b0692f591f5d1f86b2c_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1a36faf3a63c2f367a1524748d9c4a56fb3910c80af4ead41c6c8a73b5b8eab8_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a040e83b9aa90c795751c3163533571c954639fbad350a25f258a3ef2d9669d4_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:da8f01cb4aafaed7f2313329ab905cfd274133fc0b850cda8955d15898245153_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3bf79d70954794dc237f44bbbae4bcec5a5b16fedb3eda79f4f26d3be04c6775_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:65b406622bfd9fadf0d24431277957bafc553d9e7b331f8357c1c7ef8535f0c9_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d353d7214e8bef5f0ee1632da4e6f74bc89495115ab8ce245af5665fefbdb2ea_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:5040540e6ed9126958497b0b12d1d119eb06f445ca0edeb0f823880d5c936567_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:37510942aee22b6321acb0ef35464da20116b44809efd92a4666435d1a2bd732_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:89403ee27003086a0da369f2087718644bce09eb1571919ce809ea7d6b4e7eeb_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b3d595075321c1cebed49970a2b3746d59415ef08fa4d800a8db58ad716638d0_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:009f4d31d16d3f0a6f942efa8fa1aec77edc9b6f0aae38503b472c0e6bf6b615_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:1eb7d2e819dd5ca1c2062ce1812361d0fe8390cfeed9cc01a1500b8632bfd8c3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:afa0b44ce77545a1fc105b9d0c8b5f1eef715e2f9491f0075bdad4385208f42c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:f486398c18878a624d12a4d82bf6d72f72447ddbdc5a764a6908674a14efad22_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44496"
},
{
"category": "external",
"summary": "RHBZ#2487943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487943"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44496",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44496"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44496",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44496"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-hfxv-24rg-xrqf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-hfxv-24rg-xrqf"
}
],
"release_date": "2026-06-11T15:34:28.492000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T18:09:16+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:4ac0ffd9db1d6579f0456752f2fca8b686ce1c62578187f4db7c402f0efb89ea_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a5d427872efcf0c350f89cfae291c8ad808f68123eda0b5163496315f04e2779_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c7bf8d54e019c893484b055de7a2b6938152403cfa4b064054c537fb186998de_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33683"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:25c740738b3511ae6333ad8f32e6c2eac1d3d4fe2c9eeda241906f0a6a96f708_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9313307979bccd1f9bc732df389f1d6c49159ceb74ef9befbb7ae269afe9f9c1_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:e51e41b330d3cf44ef7b5eb1a511096cef98f82495297cd4438693ef2f9a24ef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c8a83d3757c774e0958472661f268783e17d7d0c7a7e4e19e1d380201c43e0d0_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:09933cf1e12617711f28f19798f355b3c064ab1219179b0692f591f5d1f86b2c_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1a36faf3a63c2f367a1524748d9c4a56fb3910c80af4ead41c6c8a73b5b8eab8_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a040e83b9aa90c795751c3163533571c954639fbad350a25f258a3ef2d9669d4_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:da8f01cb4aafaed7f2313329ab905cfd274133fc0b850cda8955d15898245153_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3bf79d70954794dc237f44bbbae4bcec5a5b16fedb3eda79f4f26d3be04c6775_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:65b406622bfd9fadf0d24431277957bafc553d9e7b331f8357c1c7ef8535f0c9_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d353d7214e8bef5f0ee1632da4e6f74bc89495115ab8ce245af5665fefbdb2ea_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:5040540e6ed9126958497b0b12d1d119eb06f445ca0edeb0f823880d5c936567_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:37510942aee22b6321acb0ef35464da20116b44809efd92a4666435d1a2bd732_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:89403ee27003086a0da369f2087718644bce09eb1571919ce809ea7d6b4e7eeb_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b3d595075321c1cebed49970a2b3746d59415ef08fa4d800a8db58ad716638d0_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:009f4d31d16d3f0a6f942efa8fa1aec77edc9b6f0aae38503b472c0e6bf6b615_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:1eb7d2e819dd5ca1c2062ce1812361d0fe8390cfeed9cc01a1500b8632bfd8c3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:afa0b44ce77545a1fc105b9d0c8b5f1eef715e2f9491f0075bdad4385208f42c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:f486398c18878a624d12a4d82bf6d72f72447ddbdc5a764a6908674a14efad22_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:4ac0ffd9db1d6579f0456752f2fca8b686ce1c62578187f4db7c402f0efb89ea_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a5d427872efcf0c350f89cfae291c8ad808f68123eda0b5163496315f04e2779_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c7bf8d54e019c893484b055de7a2b6938152403cfa4b064054c537fb186998de_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:25c740738b3511ae6333ad8f32e6c2eac1d3d4fe2c9eeda241906f0a6a96f708_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9313307979bccd1f9bc732df389f1d6c49159ceb74ef9befbb7ae269afe9f9c1_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:e51e41b330d3cf44ef7b5eb1a511096cef98f82495297cd4438693ef2f9a24ef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c8a83d3757c774e0958472661f268783e17d7d0c7a7e4e19e1d380201c43e0d0_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:09933cf1e12617711f28f19798f355b3c064ab1219179b0692f591f5d1f86b2c_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1a36faf3a63c2f367a1524748d9c4a56fb3910c80af4ead41c6c8a73b5b8eab8_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a040e83b9aa90c795751c3163533571c954639fbad350a25f258a3ef2d9669d4_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:da8f01cb4aafaed7f2313329ab905cfd274133fc0b850cda8955d15898245153_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3bf79d70954794dc237f44bbbae4bcec5a5b16fedb3eda79f4f26d3be04c6775_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:65b406622bfd9fadf0d24431277957bafc553d9e7b331f8357c1c7ef8535f0c9_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d353d7214e8bef5f0ee1632da4e6f74bc89495115ab8ce245af5665fefbdb2ea_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:5040540e6ed9126958497b0b12d1d119eb06f445ca0edeb0f823880d5c936567_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:37510942aee22b6321acb0ef35464da20116b44809efd92a4666435d1a2bd732_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:89403ee27003086a0da369f2087718644bce09eb1571919ce809ea7d6b4e7eeb_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b3d595075321c1cebed49970a2b3746d59415ef08fa4d800a8db58ad716638d0_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:009f4d31d16d3f0a6f942efa8fa1aec77edc9b6f0aae38503b472c0e6bf6b615_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:1eb7d2e819dd5ca1c2062ce1812361d0fe8390cfeed9cc01a1500b8632bfd8c3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:afa0b44ce77545a1fc105b9d0c8b5f1eef715e2f9491f0075bdad4385208f42c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:f486398c18878a624d12a4d82bf6d72f72447ddbdc5a764a6908674a14efad22_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:4ac0ffd9db1d6579f0456752f2fca8b686ce1c62578187f4db7c402f0efb89ea_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a5d427872efcf0c350f89cfae291c8ad808f68123eda0b5163496315f04e2779_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c7bf8d54e019c893484b055de7a2b6938152403cfa4b064054c537fb186998de_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name"
},
{
"cve": "CVE-2026-48526",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-05-28T16:01:22.805235+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:25c740738b3511ae6333ad8f32e6c2eac1d3d4fe2c9eeda241906f0a6a96f708_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9313307979bccd1f9bc732df389f1d6c49159ceb74ef9befbb7ae269afe9f9c1_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:e51e41b330d3cf44ef7b5eb1a511096cef98f82495297cd4438693ef2f9a24ef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c8a83d3757c774e0958472661f268783e17d7d0c7a7e4e19e1d380201c43e0d0_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:09933cf1e12617711f28f19798f355b3c064ab1219179b0692f591f5d1f86b2c_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1a36faf3a63c2f367a1524748d9c4a56fb3910c80af4ead41c6c8a73b5b8eab8_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a040e83b9aa90c795751c3163533571c954639fbad350a25f258a3ef2d9669d4_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:da8f01cb4aafaed7f2313329ab905cfd274133fc0b850cda8955d15898245153_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3bf79d70954794dc237f44bbbae4bcec5a5b16fedb3eda79f4f26d3be04c6775_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:65b406622bfd9fadf0d24431277957bafc553d9e7b331f8357c1c7ef8535f0c9_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d353d7214e8bef5f0ee1632da4e6f74bc89495115ab8ce245af5665fefbdb2ea_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:5040540e6ed9126958497b0b12d1d119eb06f445ca0edeb0f823880d5c936567_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:37510942aee22b6321acb0ef35464da20116b44809efd92a4666435d1a2bd732_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:89403ee27003086a0da369f2087718644bce09eb1571919ce809ea7d6b4e7eeb_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b3d595075321c1cebed49970a2b3746d59415ef08fa4d800a8db58ad716638d0_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:009f4d31d16d3f0a6f942efa8fa1aec77edc9b6f0aae38503b472c0e6bf6b615_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:1eb7d2e819dd5ca1c2062ce1812361d0fe8390cfeed9cc01a1500b8632bfd8c3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:afa0b44ce77545a1fc105b9d0c8b5f1eef715e2f9491f0075bdad4385208f42c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:f486398c18878a624d12a4d82bf6d72f72447ddbdc5a764a6908674a14efad22_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2482734"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in PyJWT, a Python library for JSON Web Token (JWT) implementation. When decoding JWTs, the library fails to validate the use of JSON Web Keys (JWK) in the HMAC algorithm while also supporting asymmetric algorithms. This allows a remote attacker to use the issuer\u0027s public key as the secret key for the HMAC algorithm, leading to the ability to forge JWTs. This vulnerability can result in authentication bypass or unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important vulnerability in PyJWT allows for authentication bypass and unauthorized access. It occurs when a JWT verifier is misconfigured to accept both symmetric and asymmetric algorithms, and a public JSON Web Key is erroneously used as the HMAC secret. Red Hat products are only affected if they utilize this specific, non-standard verifier configuration.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:4ac0ffd9db1d6579f0456752f2fca8b686ce1c62578187f4db7c402f0efb89ea_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a5d427872efcf0c350f89cfae291c8ad808f68123eda0b5163496315f04e2779_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c7bf8d54e019c893484b055de7a2b6938152403cfa4b064054c537fb186998de_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:25c740738b3511ae6333ad8f32e6c2eac1d3d4fe2c9eeda241906f0a6a96f708_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9313307979bccd1f9bc732df389f1d6c49159ceb74ef9befbb7ae269afe9f9c1_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:e51e41b330d3cf44ef7b5eb1a511096cef98f82495297cd4438693ef2f9a24ef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c8a83d3757c774e0958472661f268783e17d7d0c7a7e4e19e1d380201c43e0d0_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:09933cf1e12617711f28f19798f355b3c064ab1219179b0692f591f5d1f86b2c_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1a36faf3a63c2f367a1524748d9c4a56fb3910c80af4ead41c6c8a73b5b8eab8_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a040e83b9aa90c795751c3163533571c954639fbad350a25f258a3ef2d9669d4_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:da8f01cb4aafaed7f2313329ab905cfd274133fc0b850cda8955d15898245153_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3bf79d70954794dc237f44bbbae4bcec5a5b16fedb3eda79f4f26d3be04c6775_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:65b406622bfd9fadf0d24431277957bafc553d9e7b331f8357c1c7ef8535f0c9_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d353d7214e8bef5f0ee1632da4e6f74bc89495115ab8ce245af5665fefbdb2ea_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:5040540e6ed9126958497b0b12d1d119eb06f445ca0edeb0f823880d5c936567_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:37510942aee22b6321acb0ef35464da20116b44809efd92a4666435d1a2bd732_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:89403ee27003086a0da369f2087718644bce09eb1571919ce809ea7d6b4e7eeb_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b3d595075321c1cebed49970a2b3746d59415ef08fa4d800a8db58ad716638d0_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:009f4d31d16d3f0a6f942efa8fa1aec77edc9b6f0aae38503b472c0e6bf6b615_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:1eb7d2e819dd5ca1c2062ce1812361d0fe8390cfeed9cc01a1500b8632bfd8c3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:afa0b44ce77545a1fc105b9d0c8b5f1eef715e2f9491f0075bdad4385208f42c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:f486398c18878a624d12a4d82bf6d72f72447ddbdc5a764a6908674a14efad22_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48526"
},
{
"category": "external",
"summary": "RHBZ#2482734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48526",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48526"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48526",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48526"
},
{
"category": "external",
"summary": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx",
"url": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx"
}
],
"release_date": "2026-05-28T15:09:09.258000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T18:09:16+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:4ac0ffd9db1d6579f0456752f2fca8b686ce1c62578187f4db7c402f0efb89ea_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a5d427872efcf0c350f89cfae291c8ad808f68123eda0b5163496315f04e2779_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c7bf8d54e019c893484b055de7a2b6938152403cfa4b064054c537fb186998de_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33683"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:25c740738b3511ae6333ad8f32e6c2eac1d3d4fe2c9eeda241906f0a6a96f708_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9313307979bccd1f9bc732df389f1d6c49159ceb74ef9befbb7ae269afe9f9c1_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:e51e41b330d3cf44ef7b5eb1a511096cef98f82495297cd4438693ef2f9a24ef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c8a83d3757c774e0958472661f268783e17d7d0c7a7e4e19e1d380201c43e0d0_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:09933cf1e12617711f28f19798f355b3c064ab1219179b0692f591f5d1f86b2c_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1a36faf3a63c2f367a1524748d9c4a56fb3910c80af4ead41c6c8a73b5b8eab8_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a040e83b9aa90c795751c3163533571c954639fbad350a25f258a3ef2d9669d4_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:da8f01cb4aafaed7f2313329ab905cfd274133fc0b850cda8955d15898245153_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3bf79d70954794dc237f44bbbae4bcec5a5b16fedb3eda79f4f26d3be04c6775_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:65b406622bfd9fadf0d24431277957bafc553d9e7b331f8357c1c7ef8535f0c9_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d353d7214e8bef5f0ee1632da4e6f74bc89495115ab8ce245af5665fefbdb2ea_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:5040540e6ed9126958497b0b12d1d119eb06f445ca0edeb0f823880d5c936567_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:37510942aee22b6321acb0ef35464da20116b44809efd92a4666435d1a2bd732_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:89403ee27003086a0da369f2087718644bce09eb1571919ce809ea7d6b4e7eeb_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b3d595075321c1cebed49970a2b3746d59415ef08fa4d800a8db58ad716638d0_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:009f4d31d16d3f0a6f942efa8fa1aec77edc9b6f0aae38503b472c0e6bf6b615_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:1eb7d2e819dd5ca1c2062ce1812361d0fe8390cfeed9cc01a1500b8632bfd8c3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:afa0b44ce77545a1fc105b9d0c8b5f1eef715e2f9491f0075bdad4385208f42c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:f486398c18878a624d12a4d82bf6d72f72447ddbdc5a764a6908674a14efad22_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:4ac0ffd9db1d6579f0456752f2fca8b686ce1c62578187f4db7c402f0efb89ea_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a5d427872efcf0c350f89cfae291c8ad808f68123eda0b5163496315f04e2779_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c7bf8d54e019c893484b055de7a2b6938152403cfa4b064054c537fb186998de_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens"
}
]
}
RHSA-2026:41066
Vulnerability from csaf_redhat - Published: 2026-07-16 19:46 - Updated: 2026-07-19 20:45A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by crafting a malicious Uniform Resource Identifier (URI) that contains percent-encoded authority delimiters. The fast-uri library incorrectly decodes these delimiters during normalization and then re-emits them as raw separators, which can change the URI's intended authority. This issue allows applications that perform host allowlist checks, redirect validation, or outbound request routing to be steered to a different authority than specified, potentially bypassing security controls.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x | — |
A flaw was found in the shell-quote component. The quote() function did not properly validate object-token inputs, allowing line terminators to pass unescaped into the output. A remote attacker could exploit this vulnerability by providing specially crafted input, which a POSIX shell would interpret as a command separator. This could lead to command injection, enabling the attacker to execute arbitrary code on the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x | — |
A flaw was found in kafka-python. A malicious or machine-in-the-middle broker could exploit a denial-of-service vulnerability during SCRAM authentication. By providing an excessively large iteration count, the broker can cause the client's event loop to freeze. This prevents critical operations such as sending messages, polling for new messages, and maintaining heartbeats, ultimately leading to consumer group eviction and persistent connection failures.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x | — |
Workaround
|
A flaw was found in form-data, a library for creating readable multipart/form-data streams. A remote attacker can exploit this vulnerability by injecting carriage return (CR), line feed (LF), or double-quote (") characters into the `field` argument of `FormData#append` or the `filename` option. This allows the attacker to inject additional headers or smuggle entire additional multipart parts into requests, potentially enabling them to add or override form fields and compromise data integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x | — |
Workaround
|
A flaw was found in fast-uri. This vulnerability occurs because fast-uri fails to properly convert Unicode (Internationalized Domain Name - IDN) hostnames for HTTP-family URLs. This can lead to a situation where security policies, such as denylists or redirect validations, are bypassed when applications use fast-uri to enforce these policies before passing the URL to another parser. A remote attacker could exploit this to circumvent security controls and potentially access unauthorized resources or perform malicious redirects.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x | — |
Workaround
|
A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x | — |
Workaround
|
A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administrator configures an upstream registry for proxy caching, Quay makes a network connection to the specified registry hostname without verifying that it points to a legitimate external service. An attacker with organization administrator privileges could supply a crafted hostname to force the Quay server to make requests to internal network services, cloud infrastructure endpoints, or other resources that should not be accessible from the Quay application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x | — |
A flaw was found in the `net/mail` package of the Go programming language. An attacker could provide specially crafted inputs to the `ParseAddress`, `ParseAddressList`, or `ParseDate` functions. This could lead to excessive consumption of CPU and memory resources, resulting in a Denial of Service (DoS) for applications processing these inputs.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x | — |
Workaround
|
A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x | — |
Workaround
|
A flaw was found in golang.org/x/crypto/ssh. A remote attacker could exploit this vulnerability when an SSH server authentication callback returned a PartialSuccessError with non-nil permissions. This flaw caused these permissions to be silently discarded, potentially bypassing certificate restrictions, such as a force-command, after a second authentication factor succeeded. This could lead to unauthorized command execution or access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x | — |
Workaround
|
A flaw was found in golang.org/x/crypto/ssh. The RSA and DSA public key parsers in the affected component did not enforce size limits on key parameters. This vulnerability allows an unauthenticated client to provide a crafted public key with an excessively large modulus or DSA parameter during public key authentication. Successful exploitation could lead to a denial of service (DoS) due to prolonged CPU consumption during signature verification.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x | — |
Workaround
|
A flaw was found in golang.org/x/crypto/ssh. A remote malicious SSH peer can exploit this by sending unsolicited global request responses, which fills an internal buffer and blocks the connection's read loop. This prevents the associated resources from being released, leading to a resource leak per connection. The consequence is a Denial of Service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x | — |
Workaround
|
A flaw was found in golang.org/x/crypto/ssh. The Verify() method, responsible for FIDO/U2F security key types, did not properly check for user presence. This allowed signatures to be accepted without requiring a physical touch on the hardware security key. As a result, an attacker could potentially use a hardware security key in an unattended manner, bypassing a critical security control designed to ensure user intent.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x | — |
A flaw was found in golang.org/x/crypto/ssh/agent. When a key was added to a remote agent, security restrictions, known as constraint extensions, were not properly processed during the request. This allowed these restrictions to be silently removed when keys were forwarded, leading to the unrestricted use of the key on the remote host. This vulnerability could enable an attacker to bypass intended security controls and perform unauthorized actions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x | — |
Workaround
|
A flaw was found in golang.org/x/crypto/ssh. SSH servers configured to use CertChecker as a public key callback, without explicitly setting IsUserAuthority or IsHostAuthority, are vulnerable. A remote attacker can exploit this by presenting a specially crafted certificate, causing the server to panic and resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x | — |
Workaround
|
A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution "Gadget" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x | — |
Workaround
|
A flaw was found in Prometheus, an open-source monitoring system. The `client_secret` field within the Azure Active Directory (AD) remote write OAuth configuration was incorrectly handled as a plain string instead of a secure Secret type. This misconfiguration allowed any user or process with access to the `/-/config` HTTP API endpoint to view the Azure OAuth client secret in plaintext. This vulnerability leads to information disclosure, potentially compromising the security of integrated Azure AD services.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x | — |
A flaw was found in Prometheus. An unauthenticated attacker can exploit the remote read endpoint (`/api/v1/read`) by sending a specially crafted, small snappy-compressed payload. This payload causes a disproportionately large memory allocation, leading to memory exhaustion and a Denial of Service (DoS) by crashing the Prometheus process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x | — |
A flaw was found in the `net/mail` package within the Go standard library. A remote attacker could provide specially crafted, pathological email addresses. When these malformed email addresses are parsed by the `consumePhrase` function, it can lead to excessive resource consumption due to quadratic string concatenation, resulting in a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x | — |
Workaround
|
A flaw was found in the Golang MIME (Multipurpose Internet Mail Extensions) package. A remote attacker could exploit this vulnerability by sending a maliciously-crafted MIME header containing many invalid encoded-words. This could lead to excessive CPU consumption, resulting in a Denial of Service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x | — |
Workaround
|
A flaw was found in golang.org/x/crypto/ssh/knownhosts. This vulnerability occurs because the system did not correctly check for the revocation status of a SignatureKey belonging to a Certificate Authority (CA). A remote attacker could potentially exploit this by presenting a revoked key, leading to the system accepting it as valid. This could allow an attacker to bypass security checks and potentially gain unauthorized access or spoof legitimate entities.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x | — |
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x | — |
A flaw was found in Axios, a promise-based HTTP client, specifically in its Node.js HTTP adapter. When Axios is configured to use an authenticated proxy and follows a redirect, it may inadvertently send the Proxy-Authorization header, containing proxy credentials, to the redirect target. This can lead to the disclosure of sensitive proxy credentials to an unintended remote server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x | — |
Workaround
|
A flaw was found in Axios. During specific proxy-to-direct redirect flows in the Node.js HTTP adapter, a remote attacker could exploit this vulnerability. The Proxy-Authorization header, which contains proxy credentials and is intended only for the outbound proxy, may be forwarded to the final redirected origin. This can lead to the disclosure of sensitive proxy credentials to an unintended third party.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client. When using the fetch adapter, Axios did not properly enforce configured request and response size limits. This vulnerability allows a remote attacker, through a malicious or compromised server, or by supplying a large data URL, to send or receive oversized data bodies. This can lead to resource exhaustion in server-side applications, resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not properly normalize IPv4-mapped IPv6 addresses. When a NO_PROXY setting is configured to block direct access to specific IPv4 addresses, an attacker can bypass this restriction by using the IPv4-mapped IPv6 form of the address in a request URL. This allows the request to be routed through the proxy, potentially exposing internal services or sensitive information that should otherwise be inaccessible.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x | — |
Workaround
|
A flaw was found in Axios. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to escalate any existing Object.prototype pollution in an application's dependency tree into a full Man-in-the-Middle (MITM) attack. This enables the attacker to intercept, read, and modify all HTTP traffic, including sensitive authentication credentials. The flaw occurs because the `config.proxy` setting is susceptible to prototype pollution, allowing an attacker to inject a malicious proxy server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client. This vulnerability involves prototype pollution gadgets in the request configuration processing. If another vulnerability has already polluted the Object.prototype.transformResponse, affected Axios versions may incorrectly interpret this inherited value as part of the request configuration or as an option validator. Axios does not itself create the prototype pollution. Exploitability requires a separate prototype-pollution vulnerability or equivalent attacker control over Object.prototype before Axios creates a request.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x | — |
Workaround
|
A flaw was found in Axios. A remote attacker, by influencing the XSRF cookie name in a browser environment, could cause the application to construct a regular expression that leads to excessive processing. This can result in a client-side Denial of Service (DoS), where the affected browser tab may freeze, impacting the availability of the application for the user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x | — |
Workaround
|
A flaw was found in the `sanitize-html` library. Under its default configuration, an attacker can embed malicious content within a disallowed `xmp` element. This vulnerability allows the attacker to bypass the HTML sanitization process, leading to stored Cross-Site Scripting (XSS). Successful exploitation can result in arbitrary code execution or information disclosure when a user views the affected content.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x | — |
Workaround
|
A flaw was found in the `decode-uri-component` library. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by submitting specially crafted input. The `decode()` function, when processing a large number of encoded URI components, consumes excessive CPU resources, which can lead to the application becoming unresponsive and unavailable.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x | — |
Workaround
|
A flaw was found in golang.org/x/crypto/ssh. A remote attacker could send specially crafted inputs to the AES-GCM packet decoder. This could lead to an incorrectly placed cast from bytes to an integer, causing a server-side panic and resulting in a Denial of Service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x | — |
Workaround
|
A flaw was found in PyJWT, a Python library for JSON Web Token (JWT) implementation. When decoding JWTs, the library fails to validate the use of JSON Web Keys (JWK) in the HMAC algorithm while also supporting asymmetric algorithms. This allows a remote attacker to use the issuer's public key as the secret key for the HMAC algorithm, leading to the ability to forge JWTs. This vulnerability can result in authentication bypass or unauthorized access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.16.5 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.16.5",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:41066",
"url": "https://access.redhat.com/errata/RHSA-2026:41066"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-10143",
"url": "https://access.redhat.com/security/cve/CVE-2026-10143"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-12143",
"url": "https://access.redhat.com/security/cve/CVE-2026-12143"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-13676",
"url": "https://access.redhat.com/security/cve/CVE-2026-13676"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32281",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32591",
"url": "https://access.redhat.com/security/cve/CVE-2026-32591"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39820",
"url": "https://access.redhat.com/security/cve/CVE-2026-39820"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39821",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39828",
"url": "https://access.redhat.com/security/cve/CVE-2026-39828"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39829",
"url": "https://access.redhat.com/security/cve/CVE-2026-39829"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39830",
"url": "https://access.redhat.com/security/cve/CVE-2026-39830"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39831",
"url": "https://access.redhat.com/security/cve/CVE-2026-39831"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39832",
"url": "https://access.redhat.com/security/cve/CVE-2026-39832"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39835",
"url": "https://access.redhat.com/security/cve/CVE-2026-39835"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42044",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42151",
"url": "https://access.redhat.com/security/cve/CVE-2026-42151"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42154",
"url": "https://access.redhat.com/security/cve/CVE-2026-42154"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42499",
"url": "https://access.redhat.com/security/cve/CVE-2026-42499"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42504",
"url": "https://access.redhat.com/security/cve/CVE-2026-42504"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42508",
"url": "https://access.redhat.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44432",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44486",
"url": "https://access.redhat.com/security/cve/CVE-2026-44486"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44487",
"url": "https://access.redhat.com/security/cve/CVE-2026-44487"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44488",
"url": "https://access.redhat.com/security/cve/CVE-2026-44488"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44492",
"url": "https://access.redhat.com/security/cve/CVE-2026-44492"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44494",
"url": "https://access.redhat.com/security/cve/CVE-2026-44494"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44495",
"url": "https://access.redhat.com/security/cve/CVE-2026-44495"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44496",
"url": "https://access.redhat.com/security/cve/CVE-2026-44496"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44990",
"url": "https://access.redhat.com/security/cve/CVE-2026-44990"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-45822",
"url": "https://access.redhat.com/security/cve/CVE-2026-45822"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-46597",
"url": "https://access.redhat.com/security/cve/CVE-2026-46597"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48526",
"url": "https://access.redhat.com/security/cve/CVE-2026-48526"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-6322",
"url": "https://access.redhat.com/security/cve/CVE-2026-6322"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-9277",
"url": "https://access.redhat.com/security/cve/CVE-2026-9277"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_41066.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.16.5",
"tracking": {
"current_release_date": "2026-07-19T20:45:58+00:00",
"generator": {
"date": "2026-07-19T20:45:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.7"
}
},
"id": "RHSA-2026:41066",
"initial_release_date": "2026-07-16T19:46:27+00:00",
"revision_history": [
{
"date": "2026-07-16T19:46:27+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-18T05:32:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-19T20:45:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.16",
"product": {
"name": "Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.16::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-bundle\u0026tag=1783749869"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel9@sha256%3A45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel9\u0026tag=1783748085"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3A1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-bundle\u0026tag=1783749615"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel9@sha256%3A7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel9\u0026tag=1783748414"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=1783748503"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel9@sha256%3A75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel9\u0026tag=1783748231"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel9@sha256%3Aad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143?arch=amd64\u0026repository_url=registry.redhat.io/quay/clair-rhel9\u0026tag=1783749100"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3Aca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-bundle\u0026tag=1783961339"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel9@sha256%3Ab17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel9\u0026tag=1783748063"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel9@sha256%3A71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-rhel9\u0026tag=1783955846"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel9@sha256%3A6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel9\u0026tag=1783748085"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel9@sha256%3A3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel9\u0026tag=1783748414"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel9@sha256%3A30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel9\u0026tag=1783748231"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel9@sha256%3A7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/clair-rhel9\u0026tag=1783749100"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel9@sha256%3A3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel9\u0026tag=1783748063"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel9@sha256%3A197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-rhel9\u0026tag=1783955846"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel9@sha256%3Aa557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel9\u0026tag=1783748085"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel9@sha256%3Af51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel9\u0026tag=1783748414"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel9@sha256%3A50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel9\u0026tag=1783748231"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel9@sha256%3Aa4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158?arch=s390x\u0026repository_url=registry.redhat.io/quay/clair-rhel9\u0026tag=1783749100"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel9@sha256%3Ac65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel9\u0026tag=1783748063"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel9@sha256%3A5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-rhel9\u0026tag=1783955846"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64",
"product_id": "registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel9@sha256%3Afe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230?arch=arm64\u0026repository_url=registry.redhat.io/quay/quay-rhel9\u0026tag=1783955846"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64",
"relates_to_product_reference": "Red Hat Quay 3.16"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-6322",
"cwe": {
"id": "CWE-140",
"name": "Improper Neutralization of Delimiters"
},
"discovery_date": "2026-05-05T11:01:00.332189+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466684"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by crafting a malicious Uniform Resource Identifier (URI) that contains percent-encoded authority delimiters. The fast-uri library incorrectly decodes these delimiters during normalization and then re-emits them as raw separators, which can change the URI\u0027s intended authority. This issue allows applications that perform host allowlist checks, redirect validation, or outbound request routing to be steered to a different authority than specified, potentially bypassing security controls.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "fast-uri: fast-uri: URI authority bypass due to improper delimiter handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in the `fast-uri` library allows an attacker to bypass security controls in Red Hat products that process Uniform Resource Identifiers (URIs). By crafting a malicious URI with percent-encoded authority delimiters, an attacker can cause the library to incorrectly interpret the URI\u0027s authority, potentially redirecting applications to an unintended domain. This could lead to a bypass of host allowlist checks, redirect validation, or outbound request routing.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6322"
},
{
"category": "external",
"summary": "RHBZ#2466684",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466684"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6322",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6322"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6322",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6322"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc",
"url": "https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc"
}
],
"release_date": "2026-05-05T10:29:16.378000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-16T19:46:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:41066"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "fast-uri: fast-uri: URI authority bypass due to improper delimiter handling"
},
{
"cve": "CVE-2026-9277",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-05-22T14:01:14.427751+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480741"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the shell-quote component. The quote() function did not properly validate object-token inputs, allowing line terminators to pass unescaped into the output. A remote attacker could exploit this vulnerability by providing specially crafted input, which a POSIX shell would interpret as a command separator. This could lead to command injection, enabling the attacker to execute arbitrary code on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "shell-quote: shell-quote: Arbitrary code execution via command injection due to unescaped line terminators",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9277"
},
{
"category": "external",
"summary": "RHBZ#2480741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9277",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9277"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9277",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9277"
},
{
"category": "external",
"summary": "https://github.com/ljharb/shell-quote",
"url": "https://github.com/ljharb/shell-quote"
},
{
"category": "external",
"summary": "https://github.com/ljharb/shell-quote/commit/1518179",
"url": "https://github.com/ljharb/shell-quote/commit/1518179"
},
{
"category": "external",
"summary": "https://github.com/ljharb/shell-quote/security/advisories/GHSA-w7jw-789q-3m8p",
"url": "https://github.com/ljharb/shell-quote/security/advisories/GHSA-w7jw-789q-3m8p"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/shell-quote",
"url": "https://www.npmjs.com/package/shell-quote"
}
],
"release_date": "2026-05-22T13:22:38.873000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-16T19:46:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:41066"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "shell-quote: shell-quote: Arbitrary code execution via command injection due to unescaped line terminators"
},
{
"cve": "CVE-2026-10143",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-06-10T21:02:14.712750+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487722"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in kafka-python. A malicious or machine-in-the-middle broker could exploit a denial-of-service vulnerability during SCRAM authentication. By providing an excessively large iteration count, the broker can cause the client\u0027s event loop to freeze. This prevents critical operations such as sending messages, polling for new messages, and maintaining heartbeats, ultimately leading to consumer group eviction and persistent connection failures.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kafka-python: kafka-python: Denial of Service via excessive SCRAM authentication iteration count",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-10143"
},
{
"category": "external",
"summary": "RHBZ#2487722",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487722"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-10143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-10143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-10143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10143"
},
{
"category": "external",
"summary": "https://github.com/dpkp/kafka-python/commit/6e4831444f972d169cdd11f5c8d50333cea3f19b",
"url": "https://github.com/dpkp/kafka-python/commit/6e4831444f972d169cdd11f5c8d50333cea3f19b"
},
{
"category": "external",
"summary": "https://github.com/dpkp/kafka-python/pull/3019",
"url": "https://github.com/dpkp/kafka-python/pull/3019"
},
{
"category": "external",
"summary": "https://github.com/dpkp/kafka-python/pull/3026",
"url": "https://github.com/dpkp/kafka-python/pull/3026"
},
{
"category": "external",
"summary": "https://www.vulncheck.com/advisories/kafka-python-prior-to-dos-via-scram-iteration-count-in-scram-py",
"url": "https://www.vulncheck.com/advisories/kafka-python-prior-to-dos-via-scram-iteration-count-in-scram-py"
}
],
"release_date": "2026-06-10T20:22:39.262000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-16T19:46:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:41066"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kafka-python: kafka-python: Denial of Service via excessive SCRAM authentication iteration count"
},
{
"cve": "CVE-2026-12143",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2026-06-12T19:00:57.360953+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488480"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in form-data, a library for creating readable multipart/form-data streams. A remote attacker can exploit this vulnerability by injecting carriage return (CR), line feed (LF), or double-quote (\") characters into the `field` argument of `FormData#append` or the `filename` option. This allows the attacker to inject additional headers or smuggle entire additional multipart parts into requests, potentially enabling them to add or override form fields and compromise data integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "form-data: form-data: Form field override via CRLF injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important impact flaw in the form-data library: a remote attacker can inject arbitrary headers or additional multipart parts via CRLF injection in field names or filenames, potentially overriding sensitive form fields and affecting data integrity.\n\nFor RHOAI and RHEL AI, severity is Moderate because affected versions appear only as a transitive npm dependency in RHOAI (dashboard, mod-arch plugins, MLflow UI) and RHEL AI 3.4 bootc images, and those products use fixed field names for uploads rather than passing untrusted user input as multipart field names or filenames. The documented exploit path is therefore not reachable in default deployments. Practical impact is limited to non-default or custom integrations that forward multipart requests using attacker-controlled field names.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-12143"
},
{
"category": "external",
"summary": "RHBZ#2488480",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488480"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-12143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-12143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12143"
},
{
"category": "external",
"summary": "https://cwe.mitre.org/data/definitions/93.html",
"url": "https://cwe.mitre.org/data/definitions/93.html"
},
{
"category": "external",
"summary": "https://github.com/form-data/form-data/commit/64190db548c0179e37206858e39f27cf513e9435",
"url": "https://github.com/form-data/form-data/commit/64190db548c0179e37206858e39f27cf513e9435"
},
{
"category": "external",
"summary": "https://github.com/form-data/form-data/commit/be3f3cf553978bac15a5182f1f3c3d2d38ccf229",
"url": "https://github.com/form-data/form-data/commit/be3f3cf553978bac15a5182f1f3c3d2d38ccf229"
},
{
"category": "external",
"summary": "https://github.com/form-data/form-data/commit/c7133499c2ee1b80c678e411244f4442bf902045",
"url": "https://github.com/form-data/form-data/commit/c7133499c2ee1b80c678e411244f4442bf902045"
},
{
"category": "external",
"summary": "https://github.com/form-data/form-data/security/advisories/GHSA-hmw2-7cc7-3qxx",
"url": "https://github.com/form-data/form-data/security/advisories/GHSA-hmw2-7cc7-3qxx"
},
{
"category": "external",
"summary": "https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#multipart-form-data",
"url": "https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#multipart-form-data"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/form-data",
"url": "https://www.npmjs.com/package/form-data"
}
],
"release_date": "2026-06-12T18:01:30.362000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-16T19:46:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:41066"
},
{
"category": "workaround",
"details": "Applications using the `form-data` library should implement strict input validation and sanitization for all field names and filenames derived from untrusted sources. This prevents the injection of control characters (CR, LF, \") that could lead to header injection or form field overrides. Deployments that exclusively use fixed or trusted field names are not impacted.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "form-data: form-data: Form field override via CRLF injection"
},
{
"cve": "CVE-2026-13676",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-06-29T14:01:55.592330+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2494197"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in fast-uri. This vulnerability occurs because fast-uri fails to properly convert Unicode (Internationalized Domain Name - IDN) hostnames for HTTP-family URLs. This can lead to a situation where security policies, such as denylists or redirect validations, are bypassed when applications use fast-uri to enforce these policies before passing the URL to another parser. A remote attacker could exploit this to circumvent security controls and potentially access unauthorized resources or perform malicious redirects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "fast-uri: fast-uri: Security policy bypass due to improper Unicode hostname canonicalization",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in `fast-uri` allows a remote attacker to bypass host-based security policies. Applications that rely on `fast-uri` for URL parsing and policy enforcement, such as denylists or redirect validations, can be circumvented due to inconsistent handling of Unicode hostnames. This discrepancy between `fast-uri` and other URL parsers could lead to unauthorized resource access or malicious redirects in affected Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-13676"
},
{
"category": "external",
"summary": "RHBZ#2494197",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2494197"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-13676",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-13676"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-13676",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-13676"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/fastify/fast-uri/security/advisories/GHSA-4c8g-83qw-93j6",
"url": "https://github.com/fastify/fast-uri/security/advisories/GHSA-4c8g-83qw-93j6"
}
],
"release_date": "2026-06-29T13:22:44.674000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-16T19:46:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:41066"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "fast-uri: fast-uri: Security policy bypass due to improper Unicode hostname canonicalization"
},
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-16T19:46:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:41066"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"acknowledgments": [
{
"names": [
"Antony Di Scala",
"Michael Whale"
]
}
],
"cve": "CVE-2026-32591",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-03-12T15:09:38.210000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2446965"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Red Hat Quay\u0027s Proxy Cache configuration feature. When an organization administrator configures an upstream registry for proxy caching, Quay makes a network connection to the specified registry hostname without verifying that it points to a legitimate external service. An attacker with organization administrator privileges could supply a crafted hostname to force the Quay server to make requests to internal network services, cloud infrastructure endpoints, or other resources that should not be accessible from the Quay application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mirror-registry: quay: server-side request forgery in proxy cache upstream registry configuration",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation requires the attacker to be authenticated as an organization administrator.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32591"
},
{
"category": "external",
"summary": "RHBZ#2446965",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446965"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32591",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32591"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32591",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32591"
}
],
"release_date": "2026-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-16T19:46:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:41066"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mirror-registry: quay: server-side request forgery in proxy cache upstream registry configuration"
},
{
"cve": "CVE-2026-39820",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-05-07T20:01:27.800929+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467820"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net/mail` package of the Go programming language. An attacker could provide specially crafted inputs to the `ParseAddress`, `ParseAddressList`, or `ParseDate` functions. This could lead to excessive consumption of CPU and memory resources, resulting in a Denial of Service (DoS) for applications processing these inputs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/mail: golang: Go net/mail: Denial of Service via crafted email inputs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go `net/mail` package. Applications processing untrusted email inputs via `ParseAddress`, `ParseAddressList`, or `ParseDate` functions are susceptible to excessive resource consumption, which can lead to service unavailability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39820"
},
{
"category": "external",
"summary": "RHBZ#2467820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467820"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39820",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820"
},
{
"category": "external",
"summary": "https://go.dev/cl/759940",
"url": "https://go.dev/cl/759940"
},
{
"category": "external",
"summary": "https://go.dev/issue/78566",
"url": "https://go.dev/issue/78566"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4986",
"url": "https://pkg.go.dev/vuln/GO-2026-4986"
}
],
"release_date": "2026-05-07T19:41:19.854000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-16T19:46:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:41066"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/mail: golang: Go net/mail: Denial of Service via crafted email inputs"
},
{
"cve": "CVE-2026-39821",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-05-22T16:00:52.844126+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480756"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/idna: golang: net/http: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "golang.org/x/net/idna is vulnerable to privilege escalation through incorrect Punycode label handling in ToASCII and ToUnicode. An attacker who can supply a Punycode hostname that passes an ASCII-only authorization check may have it normalized to a restricted ASCII name the application intended to block. Red Hat exposure is broad across products shipping the Go toolchain or bundling golang.org/x/net, including RHEL and RHEL-AI golang RPMs, hummingbird Go runtimes, OpenShift and ODF container builds, and Ceph/OpenShift components compiled against affected x/net versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "RHBZ#2480756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480756"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39821",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39821"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://go.dev/cl/767220",
"url": "https://go.dev/cl/767220"
},
{
"category": "external",
"summary": "https://go.dev/issue/78760",
"url": "https://go.dev/issue/78760"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8",
"url": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5026",
"url": "https://pkg.go.dev/vuln/GO-2026-5026"
}
],
"release_date": "2026-05-22T15:01:21.462000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-16T19:46:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:41066"
},
{
"category": "workaround",
"details": "Upgrade to a fixed golang.org/x/net release that includes the idna correction, via updated golang or dependent package rebuilds.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/idna: golang: net/http: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing"
},
{
"cve": "CVE-2026-39828",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"discovery_date": "2026-05-22T04:01:46.775641+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480687"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. A remote attacker could exploit this vulnerability when an SSH server authentication callback returned a PartialSuccessError with non-nil permissions. This flaw caused these permissions to be silently discarded, potentially bypassing certificate restrictions, such as a force-command, after a second authentication factor succeeded. This could lead to unauthorized command execution or access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important security flaw in the `golang.org/x/crypto/ssh` library. When an SSH server utilizing this library is configured with specific authentication callbacks that return a `PartialSuccessError` with non-nil permissions, an attacker could bypass intended certificate restrictions, such as `force-command`. This bypass could lead to unauthorized command execution or access on affected Red Hat systems configured with multi-factor authentication and certificate-based access controls.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39828"
},
{
"category": "external",
"summary": "RHBZ#2480687",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480687"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39828",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39828"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39828",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39828"
},
{
"category": "external",
"summary": "https://go.dev/cl/781621",
"url": "https://go.dev/cl/781621"
},
{
"category": "external",
"summary": "https://go.dev/issue/79562",
"url": "https://go.dev/issue/79562"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5014",
"url": "https://pkg.go.dev/vuln/GO-2026-5014"
}
],
"release_date": "2026-05-22T02:31:26.883000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-16T19:46:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:41066"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions"
},
{
"cve": "CVE-2026-39829",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"discovery_date": "2026-05-22T04:01:30.092249+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480681"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. The RSA and DSA public key parsers in the affected component did not enforce size limits on key parameters. This vulnerability allows an unauthenticated client to provide a crafted public key with an excessively large modulus or DSA parameter during public key authentication. Successful exploitation could lead to a denial of service (DoS) due to prolonged CPU consumption during signature verification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in golang.org/x/crypto/ssh is rated as Important. An unauthenticated remote attacker could trigger a denial of service by providing a specially crafted public key with excessively large parameters during SSH public key authentication. This could lead to prolonged CPU consumption on the server, impacting service availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39829"
},
{
"category": "external",
"summary": "RHBZ#2480681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480681"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39829",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39829"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39829",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39829"
},
{
"category": "external",
"summary": "https://go.dev/cl/781641",
"url": "https://go.dev/cl/781641"
},
{
"category": "external",
"summary": "https://go.dev/cl/781661",
"url": "https://go.dev/cl/781661"
},
{
"category": "external",
"summary": "https://go.dev/issue/79565",
"url": "https://go.dev/issue/79565"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5018",
"url": "https://pkg.go.dev/vuln/GO-2026-5018"
}
],
"release_date": "2026-05-22T02:31:27.324000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-16T19:46:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:41066"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters"
},
{
"cve": "CVE-2026-39830",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"discovery_date": "2026-05-22T04:01:38.517202+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480684"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. A remote malicious SSH peer can exploit this by sending unsolicited global request responses, which fills an internal buffer and blocks the connection\u0027s read loop. This prevents the associated resources from being released, leading to a resource leak per connection. The consequence is a Denial of Service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service flaw in `golang.org/x/crypto/ssh`. A remote, unauthenticated attacker can exploit this vulnerability by sending unsolicited global request responses to an affected SSH server, leading to resource exhaustion and a denial of service. The impact is considered Important due to the potential for unauthenticated remote disruption of services utilizing the vulnerable SSH library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39830"
},
{
"category": "external",
"summary": "RHBZ#2480684",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480684"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39830",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39830"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39830",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39830"
},
{
"category": "external",
"summary": "https://go.dev/cl/781640",
"url": "https://go.dev/cl/781640"
},
{
"category": "external",
"summary": "https://go.dev/cl/781664",
"url": "https://go.dev/cl/781664"
},
{
"category": "external",
"summary": "https://go.dev/issue/79564",
"url": "https://go.dev/issue/79564"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5017",
"url": "https://pkg.go.dev/vuln/GO-2026-5017"
}
],
"release_date": "2026-05-22T02:31:27.208000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-16T19:46:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:41066"
},
{
"category": "workaround",
"details": "To mitigate this denial of service vulnerability, restrict network access to any service that utilizes the `golang.org/x/crypto/ssh` library and is exposed to untrusted networks. Implement firewall rules to allow connections only from trusted hosts or networks. This action limits the ability of malicious peers to send unsolicited global request responses. A restart of the affected service may be necessary for the new network rules to be applied effectively.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses"
},
{
"cve": "CVE-2026-39831",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-05-22T04:01:12.861178+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480675"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. The Verify() method, responsible for FIDO/U2F security key types, did not properly check for user presence. This allowed signatures to be accepted without requiring a physical touch on the hardware security key. As a result, an attacker could potentially use a hardware security key in an unattended manner, bypassing a critical security control designed to ensure user intent.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Security key bypass due to missing user presence check",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39831"
},
{
"category": "external",
"summary": "RHBZ#2480675",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480675"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39831",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39831"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39831",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39831"
},
{
"category": "external",
"summary": "https://go.dev/cl/781662",
"url": "https://go.dev/cl/781662"
},
{
"category": "external",
"summary": "https://go.dev/issue/79566",
"url": "https://go.dev/issue/79566"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5019",
"url": "https://pkg.go.dev/vuln/GO-2026-5019"
}
],
"release_date": "2026-05-22T02:31:27.436000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-16T19:46:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:41066"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Security key bypass due to missing user presence check"
},
{
"cve": "CVE-2026-39832",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"discovery_date": "2026-05-22T04:01:41.402561+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480685"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh/agent. When a key was added to a remote agent, security restrictions, known as constraint extensions, were not properly processed during the request. This allowed these restrictions to be silently removed when keys were forwarded, leading to the unrestricted use of the key on the remote host. This vulnerability could enable an attacker to bypass intended security controls and perform unauthorized actions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important vulnerability in `golang.org/x/crypto/ssh/agent` allows for a security bypass when SSH keys with destination restrictions are forwarded via an SSH agent. This flaw could lead to unintended exposure of SSH keys, enabling an attacker to use the forwarded key without the specified restrictions on remote hosts. Red Hat products utilizing `golang.org/x/crypto/ssh/agent` for key forwarding may be affected if users rely on constraint extensions for limiting key usage.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39832"
},
{
"category": "external",
"summary": "RHBZ#2480685",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480685"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39832",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39832"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39832",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39832"
},
{
"category": "external",
"summary": "https://go.dev/cl/778642",
"url": "https://go.dev/cl/778642"
},
{
"category": "external",
"summary": "https://go.dev/issue/79435",
"url": "https://go.dev/issue/79435"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5006",
"url": "https://pkg.go.dev/vuln/GO-2026-5006"
}
],
"release_date": "2026-05-22T02:31:26.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-16T19:46:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:41066"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions"
},
{
"cve": "CVE-2026-39835",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-05-22T04:01:27.279943+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480680"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. SSH servers configured to use CertChecker as a public key callback, without explicitly setting IsUserAuthority or IsHostAuthority, are vulnerable. A remote attacker can exploit this by presenting a specially crafted certificate, causing the server to panic and resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service flaw in `golang.org/x/crypto/ssh` affecting SSH servers that utilize `CertChecker` as a public key callback without explicitly configuring `IsUserAuthority` or `IsHostAuthority`. A remote, unauthenticated attacker can trigger a server panic by presenting a specially crafted certificate, leading to service disruption. Exploitation requires a specific, non-default configuration of the `CertChecker`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39835"
},
{
"category": "external",
"summary": "RHBZ#2480680",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480680"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39835",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39835"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39835",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39835"
},
{
"category": "external",
"summary": "https://go.dev/cl/781660",
"url": "https://go.dev/cl/781660"
},
{
"category": "external",
"summary": "https://go.dev/issue/79563",
"url": "https://go.dev/issue/79563"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5015",
"url": "https://pkg.go.dev/vuln/GO-2026-5015"
}
],
"release_date": "2026-05-22T02:31:26.982000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-16T19:46:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:41066"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate"
},
{
"cve": "CVE-2026-42044",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:13.418725+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461624"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution \"Gadget\" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "RHBZ#2461624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42044",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42044"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23"
}
],
"release_date": "2026-04-24T17:49:49.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-16T19:46:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:41066"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget"
},
{
"cve": "CVE-2026-42151",
"cwe": {
"id": "CWE-256",
"name": "Plaintext Storage of a Password"
},
"discovery_date": "2026-05-04T19:02:26.983660+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466507"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Prometheus, an open-source monitoring system. The `client_secret` field within the Azure Active Directory (AD) remote write OAuth configuration was incorrectly handled as a plain string instead of a secure Secret type. This misconfiguration allowed any user or process with access to the `/-/config` HTTP API endpoint to view the Azure OAuth client secret in plaintext. This vulnerability leads to information disclosure, potentially compromising the security of integrated Azure AD services.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/prometheus/prometheus: Prometheus: Information disclosure of Azure OAuth client secret via config API",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important information disclosure flaw in Prometheus affects instances configured to use Azure AD remote write with OAuth authentication. The client secret, intended to be a secure credential, is exposed in plaintext through the `/-/config` HTTP API endpoint. This could allow an attacker with access to this endpoint to retrieve the secret, potentially compromising integrated Azure AD services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42151"
},
{
"category": "external",
"summary": "RHBZ#2466507",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466507"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42151",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42151"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42151",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42151"
},
{
"category": "external",
"summary": "https://github.com/prometheus/prometheus/pull/18587",
"url": "https://github.com/prometheus/prometheus/pull/18587"
},
{
"category": "external",
"summary": "https://github.com/prometheus/prometheus/pull/18590",
"url": "https://github.com/prometheus/prometheus/pull/18590"
},
{
"category": "external",
"summary": "https://github.com/prometheus/prometheus/releases/tag/v3.11.3",
"url": "https://github.com/prometheus/prometheus/releases/tag/v3.11.3"
},
{
"category": "external",
"summary": "https://github.com/prometheus/prometheus/releases/tag/v3.5.3",
"url": "https://github.com/prometheus/prometheus/releases/tag/v3.5.3"
},
{
"category": "external",
"summary": "https://github.com/prometheus/prometheus/security/advisories/GHSA-wg65-39gg-5wfj",
"url": "https://github.com/prometheus/prometheus/security/advisories/GHSA-wg65-39gg-5wfj"
}
],
"release_date": "2026-05-04T18:12:16.917000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-16T19:46:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:41066"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/prometheus/prometheus: Prometheus: Information disclosure of Azure OAuth client secret via config API"
},
{
"cve": "CVE-2026-42154",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-05-04T19:02:19.626646+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466505"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Prometheus. An unauthenticated attacker can exploit the remote read endpoint (`/api/v1/read`) by sending a specially crafted, small snappy-compressed payload. This payload causes a disproportionately large memory allocation, leading to memory exhaustion and a Denial of Service (DoS) by crashing the Prometheus process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in Prometheus, allowing an unauthenticated remote attacker to crash the Prometheus process. This could lead to service unavailability in Red Hat products that deploy Prometheus for monitoring, as the remote read endpoint does not properly validate snappy-compressed request lengths.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42154"
},
{
"category": "external",
"summary": "RHBZ#2466505",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466505"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42154",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42154"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42154",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42154"
},
{
"category": "external",
"summary": "https://github.com/prometheus/prometheus/pull/18584",
"url": "https://github.com/prometheus/prometheus/pull/18584"
},
{
"category": "external",
"summary": "https://github.com/prometheus/prometheus/pull/18585",
"url": "https://github.com/prometheus/prometheus/pull/18585"
},
{
"category": "external",
"summary": "https://github.com/prometheus/prometheus/releases/tag/v3.11.3",
"url": "https://github.com/prometheus/prometheus/releases/tag/v3.11.3"
},
{
"category": "external",
"summary": "https://github.com/prometheus/prometheus/releases/tag/v3.5.3",
"url": "https://github.com/prometheus/prometheus/releases/tag/v3.5.3"
},
{
"category": "external",
"summary": "https://github.com/prometheus/prometheus/security/advisories/GHSA-8rm2-7qqf-34qm",
"url": "https://github.com/prometheus/prometheus/security/advisories/GHSA-8rm2-7qqf-34qm"
}
],
"release_date": "2026-05-04T18:13:12.340000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-16T19:46:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:41066"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint"
},
{
"cve": "CVE-2026-42499",
"cwe": {
"id": "CWE-1046",
"name": "Creation of Immutable Text Using String Concatenation"
},
"discovery_date": "2026-05-07T20:00:51.685602+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467809"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net/mail` package within the Go standard library. A remote attacker could provide specially crafted, pathological email addresses. When these malformed email addresses are parsed by the `consumePhrase` function, it can lead to excessive resource consumption due to quadratic string concatenation, resulting in a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/mail: golang: net/mail: Denial of Service via pathological email address parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the `net/mail` package of the Go standard library. A remote attacker can exploit this flaw by sending specially crafted email addresses, leading to excessive resource consumption and a denial of service in Go applications that parse email addresses using the affected library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42499"
},
{
"category": "external",
"summary": "RHBZ#2467809",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467809"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42499",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42499"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499"
},
{
"category": "external",
"summary": "https://go.dev/cl/771520",
"url": "https://go.dev/cl/771520"
},
{
"category": "external",
"summary": "https://go.dev/issue/78987",
"url": "https://go.dev/issue/78987"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4977",
"url": "https://pkg.go.dev/vuln/GO-2026-4977"
}
],
"release_date": "2026-05-07T19:41:18.615000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-16T19:46:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:41066"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/mail: golang: net/mail: Denial of Service via pathological email address parsing"
},
{
"cve": "CVE-2026-42504",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-06-02T23:01:00.320527+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2484204"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Golang MIME (Multipurpose Internet Mail Extensions) package. A remote attacker could exploit this vulnerability by sending a maliciously-crafted MIME header containing many invalid encoded-words. This could lead to excessive CPU consumption, resulting in a Denial of Service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is rated as an Important severity flaw. A remote attacker could trigger a Denial of Service by sending a crafted MIME header with numerous invalid encoded-words to an application utilizing the affected Golang MIME package. This could lead to excessive CPU consumption on the system processing the malformed header, impacting service availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42504"
},
{
"category": "external",
"summary": "RHBZ#2484204",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2484204"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42504",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42504"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42504",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42504"
},
{
"category": "external",
"summary": "https://go.dev/cl/774481",
"url": "https://go.dev/cl/774481"
},
{
"category": "external",
"summary": "https://go.dev/issue/79217",
"url": "https://go.dev/issue/79217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/tKs3rmcBcKw",
"url": "https://groups.google.com/g/golang-announce/c/tKs3rmcBcKw"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5038",
"url": "https://pkg.go.dev/vuln/GO-2026-5038"
}
],
"release_date": "2026-06-02T22:01:37.219000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-16T19:46:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:41066"
},
{
"category": "workaround",
"details": "To mitigate this issue, restrict network access to services that process MIME headers from untrusted sources. Implement input validation and sanitization for all incoming data, especially MIME headers, to prevent maliciously crafted content from being processed by applications utilizing the vulnerable Golang MIME package.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header"
},
{
"cve": "CVE-2026-42508",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-05-22T04:01:49.515058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480688"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh/knownhosts. This vulnerability occurs because the system did not correctly check for the revocation status of a SignatureKey belonging to a Certificate Authority (CA). A remote attacker could potentially exploit this by presenting a revoked key, leading to the system accepting it as valid. This could allow an attacker to bypass security checks and potentially gain unauthorized access or spoof legitimate entities.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A flaw in `golang.org/x/crypto/ssh/knownhosts` allows a remote attacker to bypass security checks. This vulnerability arises because the system fails to properly verify the revocation status of a Certificate Authority (CA) `SignatureKey`. In Red Hat environments, this could enable an attacker to present a revoked key, leading to its acceptance as valid and potentially granting unauthorized access or facilitating the spoofing of legitimate entities.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "RHBZ#2480688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480688"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42508",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42508"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42508",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42508"
},
{
"category": "external",
"summary": "https://go.dev/cl/781220",
"url": "https://go.dev/cl/781220"
},
{
"category": "external",
"summary": "https://go.dev/issue/79568",
"url": "https://go.dev/issue/79568"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5021",
"url": "https://pkg.go.dev/vuln/GO-2026-5021"
}
],
"release_date": "2026-05-22T02:31:27.644000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-16T19:46:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:41066"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey"
},
{
"cve": "CVE-2026-44432",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-05-13T17:01:01.083841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "RHBZ#2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"release_date": "2026-05-13T15:17:12.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-16T19:46:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:41066"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
},
{
"cve": "CVE-2026-44486",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-06-11T17:01:30.944384+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487947"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client, specifically in its Node.js HTTP adapter. When Axios is configured to use an authenticated proxy and follows a redirect, it may inadvertently send the Proxy-Authorization header, containing proxy credentials, to the redirect target. This can lead to the disclosure of sensitive proxy credentials to an unintended remote server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Information disclosure of proxy credentials via HTTP redirects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important information disclosure flaw in the Axios Node.js HTTP adapter. Red Hat products utilizing Axios in a Node.js environment with an authenticated proxy and automatic redirects enabled are susceptible. The vulnerability arises when a request, initially sent through an authenticated proxy, is redirected to a target that no longer uses the proxy, potentially leaking `Proxy-Authorization` headers containing sensitive credentials to an untrusted remote server. This risk is heightened in deployments where applications interact with untrusted HTTP origins.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44486"
},
{
"category": "external",
"summary": "RHBZ#2487947",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487947"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44486",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44486"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44486",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44486"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-j5f8-grm9-p9fc",
"url": "https://github.com/axios/axios/security/advisories/GHSA-j5f8-grm9-p9fc"
}
],
"release_date": "2026-06-11T15:39:07.714000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-16T19:46:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:41066"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Information disclosure of proxy credentials via HTTP redirects"
},
{
"cve": "CVE-2026-44487",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-06-11T17:01:34.091476+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487948"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. During specific proxy-to-direct redirect flows in the Node.js HTTP adapter, a remote attacker could exploit this vulnerability. The Proxy-Authorization header, which contains proxy credentials and is intended only for the outbound proxy, may be forwarded to the final redirected origin. This can lead to the disclosure of sensitive proxy credentials to an unintended third party.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Information disclosure of proxy credentials via redirect flows",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important information disclosure flaw in Axios affecting Node.js environments. When an application uses Axios with an authenticated HTTP proxy and follows redirects from an HTTP to a non-proxied HTTPS destination, the Proxy-Authorization header may be inadvertently sent to the final origin server. This could lead to the exposure of sensitive proxy credentials to an unintended third party.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44487"
},
{
"category": "external",
"summary": "RHBZ#2487948",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487948"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44487"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-p92q-9vqr-4j8v",
"url": "https://github.com/axios/axios/security/advisories/GHSA-p92q-9vqr-4j8v"
}
],
"release_date": "2026-06-11T15:38:25.150000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-16T19:46:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:41066"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Information disclosure of proxy credentials via redirect flows"
},
{
"cve": "CVE-2026-44488",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-11T17:01:36.836488+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487949"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. When using the fetch adapter, Axios did not properly enforce configured request and response size limits. This vulnerability allows a remote attacker, through a malicious or compromised server, or by supplying a large data URL, to send or receive oversized data bodies. This can lead to resource exhaustion in server-side applications, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Denial of Service due to unenforced request and response size limits",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A denial of service flaw was found in Axios, a JavaScript HTTP client library. This issue arises when applications utilize the `fetch` adapter, as configured request and response size limits are not properly enforced. A remote attacker could exploit this by sending or receiving excessively large data bodies, leading to resource exhaustion and potential denial of service in affected server-side applications.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44488"
},
{
"category": "external",
"summary": "RHBZ#2487949",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487949"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44488",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44488"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44488",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44488"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-777c-7fjr-54vf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-777c-7fjr-54vf"
}
],
"release_date": "2026-06-11T15:37:38.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-16T19:46:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:41066"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Denial of Service due to unenforced request and response size limits"
},
{
"cve": "CVE-2026-44492",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2026-06-11T17:00:56.761751+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487938"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not properly normalize IPv4-mapped IPv6 addresses. When a NO_PROXY setting is configured to block direct access to specific IPv4 addresses, an attacker can bypass this restriction by using the IPv4-mapped IPv6 form of the address in a request URL. This allows the request to be routed through the proxy, potentially exposing internal services or sensitive information that should otherwise be inaccessible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw in Axios, a JavaScript HTTP client library, that allows for a proxy bypass. When a `NO_PROXY` environment variable is configured to prevent direct connections to specific IPv4 addresses, an attacker can craft a request URL using the IPv4-mapped IPv6 address format. This bypasses the intended `NO_PROXY` exclusion, routing the request through the configured proxy and potentially exposing internal services or sensitive information, such as cloud instance metadata credentials.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44492"
},
{
"category": "external",
"summary": "RHBZ#2487938",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487938"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44492",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44492"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44492",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44492"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pjwm-pj3p-43mv",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pjwm-pj3p-43mv"
}
],
"release_date": "2026-06-11T15:29:13.890000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-16T19:46:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:41066"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization"
},
{
"cve": "CVE-2026-44494",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-06-11T17:01:12.945664+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487942"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. This vulnerability, a Prototype Pollution \"Gadget\" attack, allows an attacker to escalate any existing Object.prototype pollution in an application\u0027s dependency tree into a full Man-in-the-Middle (MITM) attack. This enables the attacker to intercept, read, and modify all HTTP traffic, including sensitive authentication credentials. The flaw occurs because the `config.proxy` setting is susceptible to prototype pollution, allowing an attacker to inject a malicious proxy server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in the Axios library allows an attacker to escalate existing prototype pollution vulnerabilities within an application\u0027s dependency tree into a full Man-in-the-Middle (MITM) attack. By injecting a malicious proxy configuration into the `Object.prototype`, an attacker can intercept, read, and modify all HTTP traffic, including sensitive authentication credentials, without direct user interaction. This poses a significant risk to data confidentiality and integrity in Red Hat products that utilize the Axios library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44494"
},
{
"category": "external",
"summary": "RHBZ#2487942",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487942"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44494",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44494"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44494",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44494"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh",
"url": "https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh"
}
],
"release_date": "2026-06-11T15:32:03.155000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-16T19:46:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:41066"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution"
},
{
"cve": "CVE-2026-44495",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-06-11T17:00:53.999811+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487937"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability involves prototype pollution gadgets in the request configuration processing. If another vulnerability has already polluted the Object.prototype.transformResponse, affected Axios versions may incorrectly interpret this inherited value as part of the request configuration or as an option validator. Axios does not itself create the prototype pollution. Exploitability requires a separate prototype-pollution vulnerability or equivalent attacker control over Object.prototype before Axios creates a request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Information disclosure due to prototype pollution vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important vulnerability in Axios, a promise-based HTTP client, can lead to information disclosure, including credential theft and response hijacking, or denial of service. Exploitation requires a separate prototype pollution vulnerability in the same JavaScript process, allowing an attacker to control `Object.prototype.transformResponse`. Red Hat products using affected Axios versions are at risk if another component introduces such pollution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44495"
},
{
"category": "external",
"summary": "RHBZ#2487937",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487937"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44495",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44495"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44495",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44495"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3g43-6gmg-66jw",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3g43-6gmg-66jw"
}
],
"release_date": "2026-06-11T15:33:12.433000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-16T19:46:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:41066"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Information disclosure due to prototype pollution vulnerability"
},
{
"cve": "CVE-2026-44496",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-06-11T17:01:15.856386+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487943"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. A remote attacker, by influencing the XSRF cookie name in a browser environment, could cause the application to construct a regular expression that leads to excessive processing. This can result in a client-side Denial of Service (DoS), where the affected browser tab may freeze, impacting the availability of the application for the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in Axios can lead to a client-side Denial of Service. An attacker capable of influencing the XSRF cookie name within a browser environment could trigger excessive regular expression processing, causing the affected browser tab to freeze and degrade user availability. This issue specifically impacts browser-based applications and does not affect Node.js HTTP adapter usage, React Native, or web workers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44496"
},
{
"category": "external",
"summary": "RHBZ#2487943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487943"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44496",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44496"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44496",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44496"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-hfxv-24rg-xrqf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-hfxv-24rg-xrqf"
}
],
"release_date": "2026-06-11T15:34:28.492000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-16T19:46:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:41066"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name"
},
{
"cve": "CVE-2026-44990",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-06-12T21:02:24.911971+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488565"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `sanitize-html` library. Under its default configuration, an attacker can embed malicious content within a disallowed `xmp` element. This vulnerability allows the attacker to bypass the HTML sanitization process, leading to stored Cross-Site Scripting (XSS). Successful exploitation can result in arbitrary code execution or information disclosure when a user views the affected content.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sanitize-html: `sanitize-html`: Stored Cross-Site Scripting via HTML sanitizer bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw. The `sanitize-html` library, used in Red Hat products, is susceptible to a stored Cross-Site Scripting (XSS) bypass. Malicious content within a disallowed `xmp` element can be rendered as live HTML or JavaScript due to a sanitizer bypass in the default configuration. This can lead to arbitrary code execution or information disclosure when affected content is viewed.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44990"
},
{
"category": "external",
"summary": "RHBZ#2488565",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488565"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44990"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44990",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44990"
},
{
"category": "external",
"summary": "https://github.com/apostrophecms/apostrophe/security/advisories/GHSA-rpr9-rxv7-x643",
"url": "https://github.com/apostrophecms/apostrophe/security/advisories/GHSA-rpr9-rxv7-x643"
}
],
"release_date": "2026-06-12T20:39:47.065000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-16T19:46:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:41066"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "sanitize-html: `sanitize-html`: Stored Cross-Site Scripting via HTML sanitizer bypass"
},
{
"cve": "CVE-2026-45822",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-06-30T09:01:06.468966+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2494807"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `decode-uri-component` library. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by submitting specially crafted input. The `decode()` function, when processing a large number of encoded URI components, consumes excessive CPU resources, which can lead to the application becoming unresponsive and unavailable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "decode-uri-component: decode-uri-component: Denial of Service via crafted input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A denial of service flaw was found in the decode-uri-component npm package. The decode() function exhibits super-linear time complexity when processing input containing many percent-encoded sequences, allowing an attacker to cause significant CPU consumption and event-loop blocking. In Red Hat products where this package is bundled (OpenShift Console, Quay, Pipelines, RHOAI, and others), exploitation requires that attacker-controlled input containing crafted percent-encoded strings reaches the decode() function without prior length validation. Red Hat rates this as Moderate severity since the impact is limited to availability with no confidentiality or integrity impact, consistent with the CNA\u0027s CVSS 4.0 assessment of 6.6 Medium.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-45822"
},
{
"category": "external",
"summary": "RHBZ#2494807",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2494807"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-45822",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45822"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45822",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45822"
},
{
"category": "external",
"summary": "https://github.com/SamVerschueren/decode-uri-component/blob/00662938dc7c6241547ae8abce7785cc13ffd3f6/index.js",
"url": "https://github.com/SamVerschueren/decode-uri-component/blob/00662938dc7c6241547ae8abce7785cc13ffd3f6/index.js"
},
{
"category": "external",
"summary": "https://github.com/SamVerschueren/decode-uri-component/commit/fa479dafeede7bedf04e5c89aa78f2a78c664005",
"url": "https://github.com/SamVerschueren/decode-uri-component/commit/fa479dafeede7bedf04e5c89aa78f2a78c664005"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/decode-uri-component",
"url": "https://www.npmjs.com/package/decode-uri-component"
}
],
"release_date": "2026-06-30T08:05:36.399000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-16T19:46:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:41066"
},
{
"category": "workaround",
"details": "Validate and limit the length of any user-controlled input before passing it to decode-uri-component\u0027s decode() function. Inputs containing more than approximately 200 percent-encoded tokens (e.g. \u0027%ab\u0027 sequences) can trigger noticeable delays. Reject or truncate URI components exceeding a reasonable length threshold before decoding. A fix exists in the upstream repository (commit fa479daf) but has not yet been included in an npm release.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "decode-uri-component: decode-uri-component: Denial of Service via crafted input"
},
{
"cve": "CVE-2026-46597",
"cwe": {
"id": "CWE-681",
"name": "Incorrect Conversion between Numeric Types"
},
"discovery_date": "2026-05-22T04:01:21.721980+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480678"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. A remote attacker could send specially crafted inputs to the AES-GCM packet decoder. This could lead to an incorrectly placed cast from bytes to an integer, causing a server-side panic and resulting in a Denial of Service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted AES-GCM packet decoder inputs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important denial of service flaw in `golang.org/x/crypto/ssh` allows a remote attacker to trigger a server-side panic by sending specially crafted inputs to the AES-GCM packet decoder. This vulnerability could lead to service unavailability in Red Hat products that incorporate and expose SSH services built with the affected `golang.org/x/crypto/ssh` component.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-46597"
},
{
"category": "external",
"summary": "RHBZ#2480678",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480678"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-46597",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46597"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-46597",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46597"
},
{
"category": "external",
"summary": "https://go.dev/cl/781620",
"url": "https://go.dev/cl/781620"
},
{
"category": "external",
"summary": "https://go.dev/issue/79561",
"url": "https://go.dev/issue/79561"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5013",
"url": "https://pkg.go.dev/vuln/GO-2026-5013"
}
],
"release_date": "2026-05-22T02:31:26.754000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-16T19:46:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:41066"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted AES-GCM packet decoder inputs"
},
{
"cve": "CVE-2026-48526",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-05-28T16:01:22.805235+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2482734"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in PyJWT, a Python library for JSON Web Token (JWT) implementation. When decoding JWTs, the library fails to validate the use of JSON Web Keys (JWK) in the HMAC algorithm while also supporting asymmetric algorithms. This allows a remote attacker to use the issuer\u0027s public key as the secret key for the HMAC algorithm, leading to the ability to forge JWTs. This vulnerability can result in authentication bypass or unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important vulnerability in PyJWT allows for authentication bypass and unauthorized access. It occurs when a JWT verifier is misconfigured to accept both symmetric and asymmetric algorithms, and a public JSON Web Key is erroneously used as the HMAC secret. Red Hat products are only affected if they utilize this specific, non-standard verifier configuration.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48526"
},
{
"category": "external",
"summary": "RHBZ#2482734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48526",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48526"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48526",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48526"
},
{
"category": "external",
"summary": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx",
"url": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx"
}
],
"release_date": "2026-05-28T15:09:09.258000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-16T19:46:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:41066"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:7df4998918f382d98fa22a78f6390cd74fc61f7c4bdfebfcc521223012e58f94_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:a4ebf6125dc9f3ec9619b4ef3bc656f32e4f954f758393287e353608f1f22158_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:ad21b5b3e9be86e46da017c3f6c5f21a8ecd5589ec7b8fcfa238a737205a3143_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1968b253b36566be2ad09057e3249147a3cc292713e538669d1b75460bec6ace_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3db8bd709ba6e311052f18c8dbcff80907229c33b9bac63a716f3fb3d4fa7358_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:7d4593286c5b733c8ed5ab2c255c762628c6438e68f10e6ee25582c91d628de4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f51f40e95d73d6ccdc36caa2184a3e2fef4cf9cc0ced017bc7db890ea0a27293_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6716128c395abd6d293c7fdfee76e1f7e3701cbe400befc4e8bc2922db7d0101_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:30689606ecbebba668c36a16892b0e6f7e0c1868933143fa078e7abaea380544_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:50ef0b22a4630bdd2e7355d7284b94aa33c5f424a218d55cb26224a3001cb484_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:75dae1dc7c81d7657ffc4317d80898afe45a0dd78d8739465b7cc95a15f481b8_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:892c8bae38073747321083d3cb6fe0fbd2b1ab6547f8bbbf42f5cd6eac895ed1_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:45713ba39b951f894271777aefa5e7e0f4015d592a3e0a40cca680396f726ca3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:6a208c36a417a6d0b5223f6ddc4b98c2f007ac209db2b2d70875bda6b84b6e42_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a557d7fb863fb489c60709ac34eaa5c7c2d66961770a8359794e6ec21bd12840_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:ca805ae1448ab106b9b486d158c5c27e27b9bbe0bcc8d11529c3fd521d674a6c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3a01cd1d9559dbb9a1e8ae6c2bdcafe9596e3225b870cfbf725ea67a5a89e238_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b17a240fd3c7032b9f098c9a3369a52ee4afaa23aa97a35936bf3fd44243681c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c65a8c8d6dc0a191959b7e6d3f8f60afccf49d318d18080d91a059a6163ca4d4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:197e328cbe22d79da1589720fc5dc79874c84dcbe78928efedb2de9ad8a756a9_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:5bab84aa3a13566f9c38af03862416cc1d6aa5b3a81090bef72d05a9aafe221b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:71ee2ea79064730fbb9682fdd30dc7a455bf5a0a3b0297bdc264f2936876f62a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:fe189be7d6cc775261c6b7fb58bc9badac2411647874d330d8de6e7f02569230_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens"
}
]
}
ubuntu-cve-2026-10143
Vulnerability from osv_ubuntu
kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-middle broker to freeze the client event loop by supplying an excessively large iteration count. In scram.py, ScramClient.process_server_first_message() passes the broker-controlled SCRAM iteration count directly to hashlib.pbkdf2_hmac() without validation, blocking producer sends, consumer polls, admin operations, and heartbeats, which can cause consumer group eviction and repeated reconnect failures.
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "python-kafka",
"binary_version": "0.9.3-2"
},
{
"binary_name": "python3-kafka",
"binary_version": "0.9.3-2"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "python-kafka",
"purl": "pkg:deb/ubuntu/python-kafka@0.9.3-2?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.9.3-2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "python-kafka",
"binary_version": "1.3.2-0ubuntu1"
},
{
"binary_name": "python3-kafka",
"binary_version": "1.3.2-0ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "python-kafka",
"purl": "pkg:deb/ubuntu/python-kafka@1.3.2-0ubuntu1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.3.2-0ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "python3-kafka",
"binary_version": "1.4.6-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "python-kafka",
"purl": "pkg:deb/ubuntu/python-kafka@1.4.6-1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.4.3-1",
"1.4.6-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "python3-kafka",
"binary_version": "2.0.2-2"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "python-kafka",
"purl": "pkg:deb/ubuntu/python-kafka@2.0.2-2?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.0.1-2",
"2.0.2-2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "python3-kafka",
"binary_version": "2.0.2-5"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "python-kafka",
"purl": "pkg:deb/ubuntu/python-kafka@2.0.2-5?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.0.2-4",
"2.0.2-5"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "python3-kafka",
"binary_version": "2.0.2-9"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "python-kafka",
"purl": "pkg:deb/ubuntu/python-kafka@2.0.2-9?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.0.2-9"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "python3-kafka",
"binary_version": "2.0.2-11"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "python-kafka",
"purl": "pkg:deb/ubuntu/python-kafka@2.0.2-11?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.0.2-9",
"2.0.2-10",
"2.0.2-11"
]
}
],
"aliases": [],
"details": "kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-middle broker to freeze the client event loop by supplying an excessively large iteration count. In scram.py, ScramClient.process_server_first_message() passes the broker-controlled SCRAM iteration count directly to hashlib.pbkdf2_hmac() without validation, blocking producer sends, consumer polls, admin operations, and heartbeats, which can cause consumer group eviction and repeated reconnect failures.",
"id": "UBUNTU-CVE-2026-10143",
"modified": "2026-06-30T16:18:41Z",
"published": "2026-06-10T22:16:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-10143"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-10143"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487722"
}
],
"related": [],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2026-10143"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.