Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-28498 (GCVE-0-2026-28498)
Vulnerability from cvelistv5 – Published: 2026-03-16 18:03 – Updated: 2026-07-01 12:04| URL | Tags |
|---|---|
| https://github.com/authlib/authlib/security/advis… | x_refsource_CONFIRM |
| https://github.com/authlib/authlib/commit/b9bb2b2… | x_refsource_MISC |
| https://github.com/authlib/authlib/releases/tag/v1.6.9 | x_refsource_MISC |
| https://access.redhat.com/security/cve/CVE-2026-28498 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2448182 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| https://access.redhat.com/errata/RHSA-2026:6309 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:6912 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:6720 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:6568 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:6497 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:6567 | vendor-advisoryx_refsource_REDHAT |
| Vendor | Product | Version | |
|---|---|---|---|
| authlib | authlib |
Affected:
< 1.6.9
|
|
| Red Hat | Red Hat Ansible Automation Platform 2.6 |
cpe:/a:redhat:ansible_automation_platform:2.6::el9 |
|
| Red Hat | Red Hat Quay 3.10 |
cpe:/a:redhat:quay:3.10::el8 |
|
| Red Hat | Red Hat Quay 3.12 |
cpe:/a:redhat:quay:3.12::el8 |
|
| Red Hat | Red Hat Quay 3.15 |
cpe:/a:redhat:quay:3.15::el8 |
|
| Red Hat | Red Hat Quay 3.16 |
cpe:/a:redhat:quay:3.16::el9 |
|
| Red Hat | Red Hat Ansible Automation Platform 2 |
cpe:/a:redhat:ansible_automation_platform:2 |
|
| Red Hat | Red Hat Satellite 6 |
cpe:/a:redhat:satellite:6 |
|
| Red Hat | Lightspeed Core |
cpe:/a:redhat:lightspeed_core |
|
| Red Hat | Red Hat OpenShift AI (RHOAI) |
cpe:/a:redhat:openshift_ai |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28498",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-16T18:14:21.039703Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-16T18:14:42.149Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.10::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.12::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.12",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.15::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:lightspeed_core"
],
"defaultStatus": "unaffected",
"product": "Lightspeed Core",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
}
],
"datePublic": "2026-03-16T18:03:28.821Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Authlib, a Python library used for building OAuth and OpenID Connect (OIDC) servers. This vulnerability allows a remote attacker to bypass critical integrity checks in OIDC ID Tokens. Specifically, the library\u0027s internal hash verification logic fails open when encountering an unsupported cryptographic algorithm, accepting a forged ID Token as valid. This can lead to an authentication bypass, granting unauthorized access to systems relying on Authlib for OIDC authentication."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-325",
"description": "Missing Cryptographic Step",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T12:04:52.378Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-28498"
},
{
"name": "RHBZ#2448182",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448182"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28498.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6309"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6912"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6720"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6497"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6567"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:6309: Red Hat Ansible Automation Platform 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:6912: Red Hat Quay 3.10"
},
{
"lang": "en",
"value": "RHSA-2026:6720: Red Hat Quay 3.12"
},
{
"lang": "en",
"value": "RHSA-2026:6568: Red Hat Quay 3.15"
},
{
"lang": "en",
"value": "RHSA-2026:6497: Red Hat Quay 3.16"
},
{
"lang": "en",
"value": "RHSA-2026:6567: Red Hat Quay 3.16"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-16T19:02:00.128Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-03-16T18:03:28.821Z",
"value": "Made public."
}
],
"title": "authlib: Authlib: Authentication bypass via forged OpenID Connect ID Tokens",
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "authlib",
"vendor": "authlib",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a library-level vulnerability was identified in the Authlib Python library concerning the validation of OpenID Connect (OIDC) ID Tokens. Specifically, the internal hash verification logic (_verify_hash) responsible for validating the at_hash (Access Token Hash) and c_hash (Authorization Code Hash) claims exhibits a fail-open behavior when encountering an unsupported or unknown cryptographic algorithm. This flaw allows an attacker to bypass mandatory integrity protections by supplying a forged ID Token with a deliberately unrecognized alg header parameter. The library intercepts the unsupported state and silently returns True (validation passed), inherently violating fundamental cryptographic design principles and direct OIDC specifications. This issue has been patched in version 1.6.9."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354: Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-573",
"description": "CWE-573: Improper Following of Specification by Caller",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-16T18:03:28.821Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/authlib/authlib/security/advisories/GHSA-m344-f55w-2m6j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-m344-f55w-2m6j"
},
{
"name": "https://github.com/authlib/authlib/commit/b9bb2b25bf8b7e01512d847a95c1749646eaa72b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/authlib/authlib/commit/b9bb2b25bf8b7e01512d847a95c1749646eaa72b"
},
{
"name": "https://github.com/authlib/authlib/releases/tag/v1.6.9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/authlib/authlib/releases/tag/v1.6.9"
}
],
"source": {
"advisory": "GHSA-m344-f55w-2m6j",
"discovery": "UNKNOWN"
},
"title": "Authlib: Fail-Open Cryptographic Verification in OIDC Hash Binding"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28498",
"datePublished": "2026-03-16T18:03:28.821Z",
"dateReserved": "2026-02-27T20:57:47.708Z",
"dateUpdated": "2026-07-01T12:04:52.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-28498",
"date": "2026-07-14",
"epss": "0.00226",
"percentile": "0.1325"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-28498\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-03-16T18:16:07.717\",\"lastModified\":\"2026-07-01T13:16:55.940\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a library-level vulnerability was identified in the Authlib Python library concerning the validation of OpenID Connect (OIDC) ID Tokens. Specifically, the internal hash verification logic (_verify_hash) responsible for validating the at_hash (Access Token Hash) and c_hash (Authorization Code Hash) claims exhibits a fail-open behavior when encountering an unsupported or unknown cryptographic algorithm. This flaw allows an attacker to bypass mandatory integrity protections by supplying a forged ID Token with a deliberately unrecognized alg header parameter. The library intercepts the unsupported state and silently returns True (validation passed), inherently violating fundamental cryptographic design principles and direct OIDC specifications. This issue has been patched in version 1.6.9.\"},{\"lang\":\"es\",\"value\":\"Authlib es una biblioteca Python que construye servidores OAuth y OpenID Connect. Antes de la versi\u00f3n 1.6.9, se identific\u00f3 una vulnerabilidad a nivel de biblioteca en la biblioteca Python Authlib con respecto a la validaci\u00f3n de los tokens de ID de OpenID Connect (OIDC). Espec\u00edficamente, la l\u00f3gica interna de verificaci\u00f3n de hash (_verify_hash) responsable de validar las reclamaciones at_hash (Hash de Token de Acceso) y c_hash (Hash de C\u00f3digo de Autorizaci\u00f3n) exhibe un comportamiento fail-open al encontrar un algoritmo criptogr\u00e1fico no compatible o desconocido. Esta falla permite a un atacante eludir las protecciones de integridad obligatorias al suministrar un token de ID falsificado con un par\u00e1metro de encabezado alg deliberadamente no reconocido. La biblioteca intercepta el estado no compatible y devuelve silenciosamente True (validaci\u00f3n aprobada), violando inherentemente los principios fundamentales de dise\u00f1o criptogr\u00e1fico y las especificaciones directas de OIDC. Este problema ha sido parcheado en la versi\u00f3n 1.6.9.\"}],\"affected\":[{\"source\":\"security-advisories@github.com\",\"affectedData\":[{\"vendor\":\"authlib\",\"product\":\"authlib\",\"versions\":[{\"version\":\"\u003c 1.6.9\",\"status\":\"affected\"}]}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"affectedData\":[{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2.6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2.6::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.10\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.10::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.12\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.12::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.15\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.15::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.16\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.16::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Satellite 6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:satellite:6\"]},{\"vendor\":\"Red Hat\",\"product\":\"Lightspeed Core\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:lightspeed_core\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift AI (RHOAI)\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:openshift_ai\"]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-03-16T18:14:21.039703Z\",\"id\":\"CVE-2026-28498\",\"options\":[{\"exploitation\":\"poc\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-354\"},{\"lang\":\"en\",\"value\":\"CWE-573\"}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-325\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:authlib:authlib:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.6.9\",\"matchCriteriaId\":\"8C677FEC-2094-49D8-ABAB-F740B6F83D38\"}]}]}],\"references\":[{\"url\":\"https://github.com/authlib/authlib/commit/b9bb2b25bf8b7e01512d847a95c1749646eaa72b\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/authlib/authlib/releases/tag/v1.6.9\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\",\"Release Notes\"]},{\"url\":\"https://github.com/authlib/authlib/security/advisories/GHSA-m344-f55w-2m6j\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:6309\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:6497\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:6567\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:6568\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:6720\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:6912\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2026-28498\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2448182\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28498.json\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"}]}}",
"redhat_vex": {
"aggregate_severity": "Important",
"current_release_date": "2026-07-01T00:08:45+00:00",
"cve": "CVE-2026-28498",
"id": "CVE-2026-28498",
"initial_release_date": "2026-03-16T18:03:28.821000+00:00",
"product_status:fixed": "22",
"product_status:known_affected": "2",
"product_status:known_not_affected": "216",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "authlib: Authlib: Authentication bypass via forged OpenID Connect ID Tokens",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28498.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-28498\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-16T18:14:21.039703Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-16T18:14:33.935Z\"}}], \"cna\": {\"title\": \"Authlib: Fail-Open Cryptographic Verification in OIDC Hash Binding\", \"source\": {\"advisory\": \"GHSA-m344-f55w-2m6j\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"authlib\", \"product\": \"authlib\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.6.9\"}]}], \"references\": [{\"url\": \"https://github.com/authlib/authlib/security/advisories/GHSA-m344-f55w-2m6j\", \"name\": \"https://github.com/authlib/authlib/security/advisories/GHSA-m344-f55w-2m6j\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/authlib/authlib/commit/b9bb2b25bf8b7e01512d847a95c1749646eaa72b\", \"name\": \"https://github.com/authlib/authlib/commit/b9bb2b25bf8b7e01512d847a95c1749646eaa72b\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/authlib/authlib/releases/tag/v1.6.9\", \"name\": \"https://github.com/authlib/authlib/releases/tag/v1.6.9\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a library-level vulnerability was identified in the Authlib Python library concerning the validation of OpenID Connect (OIDC) ID Tokens. Specifically, the internal hash verification logic (_verify_hash) responsible for validating the at_hash (Access Token Hash) and c_hash (Authorization Code Hash) claims exhibits a fail-open behavior when encountering an unsupported or unknown cryptographic algorithm. This flaw allows an attacker to bypass mandatory integrity protections by supplying a forged ID Token with a deliberately unrecognized alg header parameter. The library intercepts the unsupported state and silently returns True (validation passed), inherently violating fundamental cryptographic design principles and direct OIDC specifications. This issue has been patched in version 1.6.9.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-354\", \"description\": \"CWE-354: Improper Validation of Integrity Check Value\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-573\", \"description\": \"CWE-573: Improper Following of Specification by Caller\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-03-16T18:03:28.821Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-28498\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-16T18:14:42.149Z\", \"dateReserved\": \"2026-02-27T20:57:47.708Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-03-16T18:03:28.821Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:6912
Vulnerability from csaf_redhat - Published: 2026-04-07 17:36 - Updated: 2026-07-09 21:15A flaw was found in jsrsasign. An attacker can exploit an incomplete comparison vulnerability in the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions. By manipulating incorrect comparison checks, an attacker can bias the Digital Signature Algorithm (DSA) nonces during signature generation. This allows the attacker to recover the private key, leading to a critical security compromise.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64 | — |
Workaround
|
A flaw was found in jsrsasign. An attacker can exploit improper verification of cryptographic signatures by supplying malicious domain parameters during the Digital Signature Algorithm (DSA) validation process. This allows the attacker to forge DSA signatures or X.509 certificates, which would then be accepted as legitimate, potentially leading to unauthorized access or data manipulation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64 | — |
Workaround
|
A flaw was found in jsrsasign. An attacker can exploit a missing cryptographic step in the Digital Signature Algorithm (DSA) signing process, specifically within the KJUR.crypto.DSA.signWithMessageHash function. By manipulating the signature generation to force specific values, the library emits an invalid signature without retrying. This vulnerability allows an attacker to recover the private key used for signing.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64 | — |
Workaround
|
A flaw was found in jsrsasign. A remote attacker can exploit an incorrect conversion between numeric types by providing a negative exponent to the `modPow` function. This vulnerability can force the computation of incorrect modular inverses, which ultimately allows an attacker to bypass signature verification.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64 | — |
Workaround
|
A flaw was found in Authlib, a Python library used for building OAuth and OpenID Connect (OIDC) servers. This vulnerability allows a remote attacker to bypass critical integrity checks in OIDC ID Tokens. Specifically, the library's internal hash verification logic fails open when encountering an unsupported cryptographic algorithm, accepting a forged ID Token as valid. This can lead to an authentication bypass, granting unauthorized access to systems relying on Authlib for OIDC authentication.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64 | — |
An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE (0x30) or SET (0x31) tags with Indefinite Length (0x80) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a RecursionError or consumes all available memory (OOM), crashing the host application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64 | — |
Workaround
|
A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.10.20 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.10.20",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:6912",
"url": "https://access.redhat.com/errata/RHSA-2026:6912"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-28498",
"url": "https://access.redhat.com/security/cve/CVE-2026-28498"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-30922",
"url": "https://access.redhat.com/security/cve/CVE-2026-30922"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32597",
"url": "https://access.redhat.com/security/cve/CVE-2026-32597"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4599",
"url": "https://access.redhat.com/security/cve/CVE-2026-4599"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4600",
"url": "https://access.redhat.com/security/cve/CVE-2026-4600"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4601",
"url": "https://access.redhat.com/security/cve/CVE-2026-4601"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4602",
"url": "https://access.redhat.com/security/cve/CVE-2026-4602"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_6912.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.10.20",
"tracking": {
"current_release_date": "2026-07-09T21:15:54+00:00",
"generator": {
"date": "2026-07-09T21:15:54+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:6912",
"initial_release_date": "2026-04-07T17:36:52+00:00",
"revision_history": [
{
"date": "2026-04-07T17:36:52+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-07T17:37:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-09T21:15:54+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.10",
"product": {
"name": "Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.10::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774885559"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3Af10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774885579"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774886143"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Ac1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774885638"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774885592"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3Ad562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775173011"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Ae077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774885636"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Aeae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775169155"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1774885638"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1774885592"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1774885636"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Aa0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1775169155"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Ac642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1774885638"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Af720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1774885592"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1774885636"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Abb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1775169155"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64 as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64 as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64 as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64 as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64 as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64 as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64 as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64 as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64",
"relates_to_product_reference": "Red Hat Quay 3.10"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-4599",
"cwe": {
"id": "CWE-338",
"name": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)"
},
"discovery_date": "2026-03-23T06:01:34.008562+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450207"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jsrsasign. An attacker can exploit an incomplete comparison vulnerability in the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions. By manipulating incorrect comparison checks, an attacker can bias the Digital Signature Algorithm (DSA) nonces during signature generation. This allows the attacker to recover the private key, leading to a critical security compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsrsasign: jsrsasign: Private key recovery via incomplete comparison checks biasing DSA nonces",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4599"
},
{
"category": "external",
"summary": "RHBZ#2450207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450207"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4599",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4599"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4599",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4599"
},
{
"category": "external",
"summary": "https://gist.github.com/Kr0emer/081681818b51605c91945126d74b4f20",
"url": "https://gist.github.com/Kr0emer/081681818b51605c91945126d74b4f20"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/commit/ee4b013478366cb16cea9a4bdfb218b6077f83b1",
"url": "https://github.com/kjur/jsrsasign/commit/ee4b013478366cb16cea9a4bdfb218b6077f83b1"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/pull/647",
"url": "https://github.com/kjur/jsrsasign/pull/647"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370939",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370939"
}
],
"release_date": "2026-03-23T05:00:12.522000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T17:36:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6912"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsrsasign: jsrsasign: Private key recovery via incomplete comparison checks biasing DSA nonces"
},
{
"cve": "CVE-2026-4600",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-23T06:01:39.334925+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450208"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jsrsasign. An attacker can exploit improper verification of cryptographic signatures by supplying malicious domain parameters during the Digital Signature Algorithm (DSA) validation process. This allows the attacker to forge DSA signatures or X.509 certificates, which would then be accepted as legitimate, potentially leading to unauthorized access or data manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsrsasign: jsrsasign: Cryptographic signature forgery via malicious DSA domain parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "IMPORTANT. The flaw in jsrsasign allows an attacker to forge Digital Signature Algorithm (DSA) signatures or X.509 certificates by providing malicious domain parameters during validation. This could lead to unauthorized access or data manipulation in affected Red Hat products such as Migration Toolkit for Virtualization and Red Hat Quay, where jsrsasign is utilized for cryptographic signature verification.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4600"
},
{
"category": "external",
"summary": "RHBZ#2450208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450208"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4600",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4600"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4600",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4600"
},
{
"category": "external",
"summary": "https://gist.github.com/Kr0emer/bf15ddc097176e951659a24a8e9002a7",
"url": "https://gist.github.com/Kr0emer/bf15ddc097176e951659a24a8e9002a7"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/commit/37b4c06b145c7bfd6bc2a6df5d0a12c56b15ef60",
"url": "https://github.com/kjur/jsrsasign/commit/37b4c06b145c7bfd6bc2a6df5d0a12c56b15ef60"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/pull/646",
"url": "https://github.com/kjur/jsrsasign/pull/646"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370940",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370940"
}
],
"release_date": "2026-03-23T05:00:08.475000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T17:36:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6912"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsrsasign: jsrsasign: Cryptographic signature forgery via malicious DSA domain parameters"
},
{
"cve": "CVE-2026-4601",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2026-03-23T06:01:44.014846+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450209"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jsrsasign. An attacker can exploit a missing cryptographic step in the Digital Signature Algorithm (DSA) signing process, specifically within the KJUR.crypto.DSA.signWithMessageHash function. By manipulating the signature generation to force specific values, the library emits an invalid signature without retrying. This vulnerability allows an attacker to recover the private key used for signing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsrsasign: jsrsasign: Private Key Recovery via Missing Cryptographic Step in DSA Signing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "IMPORTANT: A flaw in the jsrsasign library allows for private key recovery due to a missing cryptographic step in the Digital Signature Algorithm (DSA) signing process. An attacker can manipulate signature generation within the KJUR.crypto.DSA.signWithMessageHash function to force specific values, enabling the recovery of the private key. This impacts Red Hat products utilizing jsrsasign, such as Migration Toolkit for Virtualization and Red Hat Quay.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4601"
},
{
"category": "external",
"summary": "RHBZ#2450209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450209"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4601",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4601"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4601",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4601"
},
{
"category": "external",
"summary": "https://gist.github.com/Kr0emer/93789fe6efe5519db9692d4ad1dad586",
"url": "https://gist.github.com/Kr0emer/93789fe6efe5519db9692d4ad1dad586"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/commit/0710e392ec35de697ce11e4219c988ba2b5fe0eb",
"url": "https://github.com/kjur/jsrsasign/commit/0710e392ec35de697ce11e4219c988ba2b5fe0eb"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/pull/645",
"url": "https://github.com/kjur/jsrsasign/pull/645"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370941",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370941"
}
],
"release_date": "2026-03-23T05:00:13.312000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T17:36:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6912"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsrsasign: jsrsasign: Private Key Recovery via Missing Cryptographic Step in DSA Signing"
},
{
"cve": "CVE-2026-4602",
"cwe": {
"id": "CWE-681",
"name": "Incorrect Conversion between Numeric Types"
},
"discovery_date": "2026-03-23T06:01:28.729668+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450206"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jsrsasign. A remote attacker can exploit an incorrect conversion between numeric types by providing a negative exponent to the `modPow` function. This vulnerability can force the computation of incorrect modular inverses, which ultimately allows an attacker to bypass signature verification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsrsasign: jsrsasign: Signature verification bypass via negative exponent handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an IMPORTANT flaw. The `jsrsasign` library, as used in Red Hat products such as Migration Toolkit for Virtualization and Red Hat Quay, is vulnerable to a signature verification bypass. A remote attacker could provide a specially crafted negative exponent to the `modPow` function, leading to incorrect modular inverse computations and allowing them to bypass signature verification.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4602"
},
{
"category": "external",
"summary": "RHBZ#2450206",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450206"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4602",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4602"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4602",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4602"
},
{
"category": "external",
"summary": "https://gist.github.com/Kr0emer/7ecd2be7d17419e4677315ef3758faf5",
"url": "https://gist.github.com/Kr0emer/7ecd2be7d17419e4677315ef3758faf5"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/commit/5ea1c32bb2aa894b4bd29849839afe4f98728195",
"url": "https://github.com/kjur/jsrsasign/commit/5ea1c32bb2aa894b4bd29849839afe4f98728195"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/pull/650",
"url": "https://github.com/kjur/jsrsasign/pull/650"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15371175",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15371175"
}
],
"release_date": "2026-03-23T05:00:10.567000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T17:36:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6912"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsrsasign: jsrsasign: Signature verification bypass via negative exponent handling"
},
{
"cve": "CVE-2026-28498",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2026-03-16T19:02:00.128339+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448182"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Authlib, a Python library used for building OAuth and OpenID Connect (OIDC) servers. This vulnerability allows a remote attacker to bypass critical integrity checks in OIDC ID Tokens. Specifically, the library\u0027s internal hash verification logic fails open when encountering an unsupported cryptographic algorithm, accepting a forged ID Token as valid. This can lead to an authentication bypass, granting unauthorized access to systems relying on Authlib for OIDC authentication.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib: Authentication bypass via forged OpenID Connect ID Tokens",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This IMPORTANT vulnerability in Authlib allows attackers to bypass OIDC ID Token integrity verification. The at_hash and c_hash validation fails open for unknown algorithms, accepting forged tokens as valid. Exploitation requires no authentication or user interaction. Impact is high to confidentiality and integrity. Red Hat products using Authlib for OIDC validation are affected. Fixed in version 1.6.9.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28498"
},
{
"category": "external",
"summary": "RHBZ#2448182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448182"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28498",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28498"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28498",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28498"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/b9bb2b25bf8b7e01512d847a95c1749646eaa72b",
"url": "https://github.com/authlib/authlib/commit/b9bb2b25bf8b7e01512d847a95c1749646eaa72b"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/releases/tag/v1.6.9",
"url": "https://github.com/authlib/authlib/releases/tag/v1.6.9"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-m344-f55w-2m6j",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-m344-f55w-2m6j"
}
],
"release_date": "2026-03-16T18:03:28.821000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T17:36:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6912"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "authlib: Authlib: Authentication bypass via forged OpenID Connect ID Tokens"
},
{
"cve": "CVE-2026-30922",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2026-03-18T04:02:45.401296+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448553"
}
],
"notes": [
{
"category": "description",
"text": "An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE (0x30) or SET (0x31) tags with Indefinite Length (0x80) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a RecursionError or consumes all available memory (OOM), crashing the host application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-30922"
},
{
"category": "external",
"summary": "RHBZ#2448553",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448553"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-30922",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-30922"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-30922",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30922"
},
{
"category": "external",
"summary": "https://github.com/pyasn1/pyasn1/commit/25ad481c19fdb006e20485ef3fc2e5b3eff30ef0",
"url": "https://github.com/pyasn1/pyasn1/commit/25ad481c19fdb006e20485ef3fc2e5b3eff30ef0"
},
{
"category": "external",
"summary": "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-jr27-m4p2-rc6r",
"url": "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-jr27-m4p2-rc6r"
}
],
"release_date": "2026-03-18T02:29:45.857000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T17:36:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6912"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion"
},
{
"cve": "CVE-2026-32597",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-12T22:01:29.967713+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447194"
}
],
"notes": [
{
"category": "description",
"text": "A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 \u00a74.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 \u00a74.1.11 MUST violation)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32597"
},
{
"category": "external",
"summary": "RHBZ#2447194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32597",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32597"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32597",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32597"
},
{
"category": "external",
"summary": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f",
"url": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f"
}
],
"release_date": "2026-03-12T21:41:50.427000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T17:36:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6912"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 \u00a74.1.11 MUST violation)"
}
]
}
SUSE-SU-2026:0975-1
Vulnerability from csaf_suse - Published: 2026-03-23 16:34 - Updated: 2026-03-23 16:34| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python311-Authlib-1.3.1-150600.3.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:python311-Authlib-1.3.1-150600.3.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:python311-Authlib-1.3.1-150600.3.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python311-Authlib-1.3.1-150600.3.17.1.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python311-Authlib-1.3.1-150600.3.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:python311-Authlib-1.3.1-150600.3.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:python311-Authlib-1.3.1-150600.3.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python311-Authlib-1.3.1-150600.3.17.1.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python311-Authlib-1.3.1-150600.3.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:python311-Authlib-1.3.1-150600.3.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:python311-Authlib-1.3.1-150600.3.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python311-Authlib-1.3.1-150600.3.17.1.noarch | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-Authlib",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-Authlib fixes the following issues:\n\n- CVE-2026-27962: JWS `deserialize_compact()` allows for signature bypass by accepting user-controlled embedded JWK as\n verification key (bsc#1259738).\n- CVE-2026-28490: cryptographic padding oracle in JWE RSA1_5 key management algorithm (bsc#1259736).\n- CVE-2026-28498: fail-open in behavior OIDC hash validation allows for bypass mandatory integrity protections\n (bsc#1259737).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-975,SUSE-SLE-Module-Python3-15-SP7-2026-975,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-975,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-975,openSUSE-SLE-15.6-2026-975",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0975-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:0975-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260975-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:0975-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024822.html"
},
{
"category": "self",
"summary": "SUSE Bug 1259736",
"url": "https://bugzilla.suse.com/1259736"
},
{
"category": "self",
"summary": "SUSE Bug 1259737",
"url": "https://bugzilla.suse.com/1259737"
},
{
"category": "self",
"summary": "SUSE Bug 1259738",
"url": "https://bugzilla.suse.com/1259738"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27962 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27962/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-28490 page",
"url": "https://www.suse.com/security/cve/CVE-2026-28490/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-28498 page",
"url": "https://www.suse.com/security/cve/CVE-2026-28498/"
}
],
"title": "Security update for python-Authlib",
"tracking": {
"current_release_date": "2026-03-23T16:34:37Z",
"generator": {
"date": "2026-03-23T16:34:37Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:0975-1",
"initial_release_date": "2026-03-23T16:34:37Z",
"revision_history": [
{
"date": "2026-03-23T16:34:37Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python311-Authlib-1.3.1-150600.3.17.1.noarch",
"product": {
"name": "python311-Authlib-1.3.1-150600.3.17.1.noarch",
"product_id": "python311-Authlib-1.3.1-150600.3.17.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Python 3 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-python3:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Authlib-1.3.1-150600.3.17.1.noarch as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python311-Authlib-1.3.1-150600.3.17.1.noarch"
},
"product_reference": "python311-Authlib-1.3.1-150600.3.17.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Authlib-1.3.1-150600.3.17.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:python311-Authlib-1.3.1-150600.3.17.1.noarch"
},
"product_reference": "python311-Authlib-1.3.1-150600.3.17.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Authlib-1.3.1-150600.3.17.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:python311-Authlib-1.3.1-150600.3.17.1.noarch"
},
"product_reference": "python311-Authlib-1.3.1-150600.3.17.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Authlib-1.3.1-150600.3.17.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python311-Authlib-1.3.1-150600.3.17.1.noarch"
},
"product_reference": "python311-Authlib-1.3.1-150600.3.17.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-27962",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27962"
}
],
"notes": [
{
"category": "general",
"text": "Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a JWK Header Injection vulnerability in authlib\u0027s JWS implementation allows an unauthenticated attacker to forge arbitrary JWT tokens that pass signature verification. When key=None is passed to any JWS deserialization function, the library extracts and uses the cryptographic key embedded in the attacker-controlled JWT jwk header field. An attacker can sign a token with their own private key, embed the matching public key in the header, and have the server accept the forged token as cryptographically valid - bypassing authentication and authorization entirely. This issue has been patched in version 1.6.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP7:python311-Authlib-1.3.1-150600.3.17.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:python311-Authlib-1.3.1-150600.3.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:python311-Authlib-1.3.1-150600.3.17.1.noarch",
"openSUSE Leap 15.6:python311-Authlib-1.3.1-150600.3.17.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27962",
"url": "https://www.suse.com/security/cve/CVE-2026-27962"
},
{
"category": "external",
"summary": "SUSE Bug 1259738 for CVE-2026-27962",
"url": "https://bugzilla.suse.com/1259738"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP7:python311-Authlib-1.3.1-150600.3.17.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:python311-Authlib-1.3.1-150600.3.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:python311-Authlib-1.3.1-150600.3.17.1.noarch",
"openSUSE Leap 15.6:python311-Authlib-1.3.1-150600.3.17.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP7:python311-Authlib-1.3.1-150600.3.17.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:python311-Authlib-1.3.1-150600.3.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:python311-Authlib-1.3.1-150600.3.17.1.noarch",
"openSUSE Leap 15.6:python311-Authlib-1.3.1-150600.3.17.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-23T16:34:37Z",
"details": "critical"
}
],
"title": "CVE-2026-27962"
},
{
"cve": "CVE-2026-28490",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-28490"
}
],
"notes": [
{
"category": "general",
"text": "Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON Web Encryption (JWE) RSA1_5 key management algorithm. Authlib registers RSA1_5 in its default algorithm registry without requiring explicit opt-in, and actively destroys the constant-time Bleichenbacher mitigation that the underlying cryptography library implements correctly. This issue has been patched in version 1.6.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP7:python311-Authlib-1.3.1-150600.3.17.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:python311-Authlib-1.3.1-150600.3.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:python311-Authlib-1.3.1-150600.3.17.1.noarch",
"openSUSE Leap 15.6:python311-Authlib-1.3.1-150600.3.17.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-28490",
"url": "https://www.suse.com/security/cve/CVE-2026-28490"
},
{
"category": "external",
"summary": "SUSE Bug 1259736 for CVE-2026-28490",
"url": "https://bugzilla.suse.com/1259736"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP7:python311-Authlib-1.3.1-150600.3.17.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:python311-Authlib-1.3.1-150600.3.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:python311-Authlib-1.3.1-150600.3.17.1.noarch",
"openSUSE Leap 15.6:python311-Authlib-1.3.1-150600.3.17.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP7:python311-Authlib-1.3.1-150600.3.17.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:python311-Authlib-1.3.1-150600.3.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:python311-Authlib-1.3.1-150600.3.17.1.noarch",
"openSUSE Leap 15.6:python311-Authlib-1.3.1-150600.3.17.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-23T16:34:37Z",
"details": "moderate"
}
],
"title": "CVE-2026-28490"
},
{
"cve": "CVE-2026-28498",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-28498"
}
],
"notes": [
{
"category": "general",
"text": "Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a library-level vulnerability was identified in the Authlib Python library concerning the validation of OpenID Connect (OIDC) ID Tokens. Specifically, the internal hash verification logic (_verify_hash) responsible for validating the at_hash (Access Token Hash) and c_hash (Authorization Code Hash) claims exhibits a fail-open behavior when encountering an unsupported or unknown cryptographic algorithm. This flaw allows an attacker to bypass mandatory integrity protections by supplying a forged ID Token with a deliberately unrecognized alg header parameter. The library intercepts the unsupported state and silently returns True (validation passed), inherently violating fundamental cryptographic design principles and direct OIDC specifications. This issue has been patched in version 1.6.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP7:python311-Authlib-1.3.1-150600.3.17.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:python311-Authlib-1.3.1-150600.3.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:python311-Authlib-1.3.1-150600.3.17.1.noarch",
"openSUSE Leap 15.6:python311-Authlib-1.3.1-150600.3.17.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-28498",
"url": "https://www.suse.com/security/cve/CVE-2026-28498"
},
{
"category": "external",
"summary": "SUSE Bug 1259737 for CVE-2026-28498",
"url": "https://bugzilla.suse.com/1259737"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP7:python311-Authlib-1.3.1-150600.3.17.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:python311-Authlib-1.3.1-150600.3.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:python311-Authlib-1.3.1-150600.3.17.1.noarch",
"openSUSE Leap 15.6:python311-Authlib-1.3.1-150600.3.17.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP7:python311-Authlib-1.3.1-150600.3.17.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:python311-Authlib-1.3.1-150600.3.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:python311-Authlib-1.3.1-150600.3.17.1.noarch",
"openSUSE Leap 15.6:python311-Authlib-1.3.1-150600.3.17.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-23T16:34:37Z",
"details": "critical"
}
],
"title": "CVE-2026-28498"
}
]
}
ubuntu-cve-2026-28498
Vulnerability from osv_ubuntu
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a library-level vulnerability was identified in the Authlib Python library concerning the validation of OpenID Connect (OIDC) ID Tokens. Specifically, the internal hash verification logic (_verify_hash) responsible for validating the at_hash (Access Token Hash) and c_hash (Authorization Code Hash) claims exhibits a fail-open behavior when encountering an unsupported or unknown cryptographic algorithm. This flaw allows an attacker to bypass mandatory integrity protections by supplying a forged ID Token with a deliberately unrecognized alg header parameter. The library intercepts the unsupported state and silently returns True (validation passed), inherently violating fundamental cryptographic design principles and direct OIDC specifications. This issue has been patched in version 1.6.9.
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "python3-authlib",
"binary_version": "0.15.5-1ubuntu0.1~esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"name": "python-authlib",
"purl": "pkg:deb/ubuntu/python-authlib@0.15.5-1ubuntu0.1~esm1?arch=source\u0026distro=esm-apps/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.15.4-1",
"0.15.5-1",
"0.15.5-1ubuntu0.1~esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "python3-authlib",
"binary_version": "1.3.0-1ubuntu0.1~esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:24.04:LTS",
"name": "python-authlib",
"purl": "pkg:deb/ubuntu/python-authlib@1.3.0-1ubuntu0.1~esm1?arch=source\u0026distro=esm-apps/noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.2.1-1",
"1.3.0-1",
"1.3.0-1ubuntu0.1~esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "python3-authlib",
"binary_version": "1.6.0-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "python-authlib",
"purl": "pkg:deb/ubuntu/python-authlib@1.6.0-1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.5.1-1",
"1.5.2-1",
"1.6.0-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "python3-authlib",
"binary_version": "1.6.7-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "python-authlib",
"purl": "pkg:deb/ubuntu/python-authlib@1.6.7-1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.6.0-1",
"1.6.5-1",
"1.6.6-1",
"1.6.7-1"
]
}
],
"aliases": [],
"details": "Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a library-level vulnerability was identified in the Authlib Python library concerning the validation of OpenID Connect (OIDC) ID Tokens. Specifically, the internal hash verification logic (_verify_hash) responsible for validating the at_hash (Access Token Hash) and c_hash (Authorization Code Hash) claims exhibits a fail-open behavior when encountering an unsupported or unknown cryptographic algorithm. This flaw allows an attacker to bypass mandatory integrity protections by supplying a forged ID Token with a deliberately unrecognized alg header parameter. The library intercepts the unsupported state and silently returns True (validation passed), inherently violating fundamental cryptographic design principles and direct OIDC specifications. This issue has been patched in version 1.6.9.",
"id": "UBUNTU-CVE-2026-28498",
"modified": "2026-06-30T16:19:40Z",
"published": "2026-03-16T18:16:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-28498"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28498"
},
{
"type": "REPORT",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-m344-f55w-2m6j"
}
],
"related": [],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2026-28498"
]
}
WID-SEC-W-2026-0935
Vulnerability from csaf_certbund - Published: 2026-03-31 22:00 - Updated: 2026-06-16 22:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
Red Hat Ansible Automation Platform 2.6
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.6
|
2.6 | |
|
Red Hat OpenShift Network Observability 1.11.2
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:network_observability_1.11.2
|
Network Observability 1.11.2 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.64
Red Hat / OpenShift
|
Container Platform <4.15.64 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
HCL BigFix WebUI
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
WebUI | |
|
Red Hat OpenShift Migration Toolkit for Containers
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:migration_toolkit_for_containers
|
Migration Toolkit for Containers | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Ansible Automation Platform <2.5
Red Hat / Ansible Automation Platform
|
<2.5 | ||
|
Red Hat Ansible Automation Platform <2.6
Red Hat / Ansible Automation Platform
|
<2.6 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Ansible Automation Platform 2.5
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.5
|
2.5 | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
Red Hat Ansible Automation Platform 2.6
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.6
|
2.6 | |
|
Red Hat OpenShift Network Observability 1.11.2
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:network_observability_1.11.2
|
Network Observability 1.11.2 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.64
Red Hat / OpenShift
|
Container Platform <4.15.64 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
HCL BigFix WebUI
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
WebUI | |
|
Red Hat OpenShift Migration Toolkit for Containers
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:migration_toolkit_for_containers
|
Migration Toolkit for Containers | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Ansible Automation Platform <2.5
Red Hat / Ansible Automation Platform
|
<2.5 | ||
|
Red Hat Ansible Automation Platform <2.6
Red Hat / Ansible Automation Platform
|
<2.6 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Ansible Automation Platform 2.5
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.5
|
2.5 | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
Red Hat Ansible Automation Platform 2.6
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.6
|
2.6 | |
|
Red Hat OpenShift Network Observability 1.11.2
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:network_observability_1.11.2
|
Network Observability 1.11.2 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.64
Red Hat / OpenShift
|
Container Platform <4.15.64 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
HCL BigFix WebUI
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
WebUI | |
|
Red Hat OpenShift Migration Toolkit for Containers
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:migration_toolkit_for_containers
|
Migration Toolkit for Containers | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Ansible Automation Platform <2.5
Red Hat / Ansible Automation Platform
|
<2.5 | ||
|
Red Hat Ansible Automation Platform <2.6
Red Hat / Ansible Automation Platform
|
<2.6 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Ansible Automation Platform 2.5
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.5
|
2.5 | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
Red Hat Ansible Automation Platform 2.6
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.6
|
2.6 | |
|
Red Hat OpenShift Network Observability 1.11.2
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:network_observability_1.11.2
|
Network Observability 1.11.2 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.64
Red Hat / OpenShift
|
Container Platform <4.15.64 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
HCL BigFix WebUI
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
WebUI | |
|
Red Hat OpenShift Migration Toolkit for Containers
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:migration_toolkit_for_containers
|
Migration Toolkit for Containers | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Ansible Automation Platform <2.5
Red Hat / Ansible Automation Platform
|
<2.5 | ||
|
Red Hat Ansible Automation Platform <2.6
Red Hat / Ansible Automation Platform
|
<2.6 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Ansible Automation Platform 2.5
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.5
|
2.5 | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
Red Hat Ansible Automation Platform 2.6
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.6
|
2.6 | |
|
Red Hat OpenShift Network Observability 1.11.2
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:network_observability_1.11.2
|
Network Observability 1.11.2 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.64
Red Hat / OpenShift
|
Container Platform <4.15.64 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
HCL BigFix WebUI
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
WebUI | |
|
Red Hat OpenShift Migration Toolkit for Containers
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:migration_toolkit_for_containers
|
Migration Toolkit for Containers | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Ansible Automation Platform <2.5
Red Hat / Ansible Automation Platform
|
<2.5 | ||
|
Red Hat Ansible Automation Platform <2.6
Red Hat / Ansible Automation Platform
|
<2.6 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Ansible Automation Platform 2.5
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.5
|
2.5 | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
Red Hat Ansible Automation Platform 2.6
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.6
|
2.6 | |
|
Red Hat OpenShift Network Observability 1.11.2
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:network_observability_1.11.2
|
Network Observability 1.11.2 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.64
Red Hat / OpenShift
|
Container Platform <4.15.64 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
HCL BigFix WebUI
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
WebUI | |
|
Red Hat OpenShift Migration Toolkit for Containers
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:migration_toolkit_for_containers
|
Migration Toolkit for Containers | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Ansible Automation Platform <2.5
Red Hat / Ansible Automation Platform
|
<2.5 | ||
|
Red Hat Ansible Automation Platform <2.6
Red Hat / Ansible Automation Platform
|
<2.6 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Ansible Automation Platform 2.5
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.5
|
2.5 | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
Red Hat Ansible Automation Platform 2.6
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.6
|
2.6 | |
|
Red Hat OpenShift Network Observability 1.11.2
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:network_observability_1.11.2
|
Network Observability 1.11.2 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.64
Red Hat / OpenShift
|
Container Platform <4.15.64 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
HCL BigFix WebUI
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
WebUI | |
|
Red Hat OpenShift Migration Toolkit for Containers
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:migration_toolkit_for_containers
|
Migration Toolkit for Containers | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Ansible Automation Platform <2.5
Red Hat / Ansible Automation Platform
|
<2.5 | ||
|
Red Hat Ansible Automation Platform <2.6
Red Hat / Ansible Automation Platform
|
<2.6 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Ansible Automation Platform 2.5
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.5
|
2.5 | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
Red Hat Ansible Automation Platform 2.6
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.6
|
2.6 | |
|
Red Hat OpenShift Network Observability 1.11.2
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:network_observability_1.11.2
|
Network Observability 1.11.2 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.64
Red Hat / OpenShift
|
Container Platform <4.15.64 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
HCL BigFix WebUI
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
WebUI | |
|
Red Hat OpenShift Migration Toolkit for Containers
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:migration_toolkit_for_containers
|
Migration Toolkit for Containers | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Ansible Automation Platform <2.5
Red Hat / Ansible Automation Platform
|
<2.5 | ||
|
Red Hat Ansible Automation Platform <2.6
Red Hat / Ansible Automation Platform
|
<2.6 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Ansible Automation Platform 2.5
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.5
|
2.5 | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
Red Hat Ansible Automation Platform 2.6
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.6
|
2.6 | |
|
Red Hat OpenShift Network Observability 1.11.2
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:network_observability_1.11.2
|
Network Observability 1.11.2 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.64
Red Hat / OpenShift
|
Container Platform <4.15.64 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
HCL BigFix WebUI
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
WebUI | |
|
Red Hat OpenShift Migration Toolkit for Containers
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:migration_toolkit_for_containers
|
Migration Toolkit for Containers | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Ansible Automation Platform <2.5
Red Hat / Ansible Automation Platform
|
<2.5 | ||
|
Red Hat Ansible Automation Platform <2.6
Red Hat / Ansible Automation Platform
|
<2.6 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Ansible Automation Platform 2.5
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.5
|
2.5 | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
Red Hat Ansible Automation Platform 2.6
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.6
|
2.6 | |
|
Red Hat OpenShift Network Observability 1.11.2
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:network_observability_1.11.2
|
Network Observability 1.11.2 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.64
Red Hat / OpenShift
|
Container Platform <4.15.64 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
HCL BigFix WebUI
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
WebUI | |
|
Red Hat OpenShift Migration Toolkit for Containers
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:migration_toolkit_for_containers
|
Migration Toolkit for Containers | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Ansible Automation Platform <2.5
Red Hat / Ansible Automation Platform
|
<2.5 | ||
|
Red Hat Ansible Automation Platform <2.6
Red Hat / Ansible Automation Platform
|
<2.6 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Ansible Automation Platform 2.5
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.5
|
2.5 | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
Red Hat Ansible Automation Platform 2.6
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.6
|
2.6 | |
|
Red Hat OpenShift Network Observability 1.11.2
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:network_observability_1.11.2
|
Network Observability 1.11.2 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.64
Red Hat / OpenShift
|
Container Platform <4.15.64 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
HCL BigFix WebUI
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
WebUI | |
|
Red Hat OpenShift Migration Toolkit for Containers
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:migration_toolkit_for_containers
|
Migration Toolkit for Containers | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Ansible Automation Platform <2.5
Red Hat / Ansible Automation Platform
|
<2.5 | ||
|
Red Hat Ansible Automation Platform <2.6
Red Hat / Ansible Automation Platform
|
<2.6 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Ansible Automation Platform 2.5
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.5
|
2.5 | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Ansible Automation Platform ist eine End-to-End-Automatisierungsplattform f\u00fcr die Systemkonfiguration, die Softwarebereitstellung und die Orchestrierung erweiterter Workflows.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Ansible Automation Platform ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0935 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0935.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0935 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0935"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2026-03-31",
"url": "https://access.redhat.com/errata/RHSA-2026:6308"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2026-03-31",
"url": "https://access.redhat.com/errata/RHSA-2026:6309"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:6404 vom 2026-04-01",
"url": "https://access.redhat.com/errata/RHSA-2026:6404"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:6278 vom 2026-04-01",
"url": "https://access.redhat.com/errata/RHSA-2026:6278"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2026-3215 vom 2026-04-01",
"url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3215.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20929-1 vom 2026-04-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025088.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:5910 vom 2026-04-02",
"url": "https://access.redhat.com/errata/RHSA-2026:5910"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21021-1 vom 2026-04-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025209.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:8218 vom 2026-04-15",
"url": "https://access.redhat.com/errata/RHSA-2026:8218"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7269544 vom 2026-04-15",
"url": "https://www.ibm.com/support/pages/node/7269544"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:8490 vom 2026-04-16",
"url": "https://access.redhat.com/errata/RHSA-2026:8490"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:8437 vom 2026-04-16",
"url": "https://access.redhat.com/errata/RHSA-2026:8437"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:10184 vom 2026-04-23",
"url": "https://access.redhat.com/errata/RHSA-2026:10184"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:10093 vom 2026-04-29",
"url": "https://access.redhat.com/errata/RHSA-2026:10093"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:12176 vom 2026-04-30",
"url": "https://access.redhat.com/errata/RHSA-2026:12176"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:11916 vom 2026-04-30",
"url": "https://access.redhat.com/errata/RHSA-2026:11916"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:11856 vom 2026-04-29",
"url": "https://access.redhat.com/errata/RHSA-2026:11856"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-12176 vom 2026-05-01",
"url": "http://linux.oracle.com/errata/ELSA-2026-12176.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:13553 vom 2026-05-04",
"url": "https://access.redhat.com/errata/RHSA-2026:13553"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:13508 vom 2026-05-04",
"url": "https://access.redhat.com/errata/RHSA-2026:13508"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:13512 vom 2026-05-04",
"url": "https://access.redhat.com/errata/RHSA-2026:13512"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:13545 vom 2026-05-04",
"url": "https://access.redhat.com/errata/RHSA-2026:13545"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:13826 vom 2026-05-05",
"url": "https://access.redhat.com/errata/RHSA-2026:13826"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:13917 vom 2026-05-06",
"url": "https://access.redhat.com/errata/RHSA-2026:13917"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:13916 vom 2026-05-06",
"url": "https://access.redhat.com/errata/RHSA-2026:13916"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:13672 vom 2026-05-06",
"url": "https://errata.build.resf.org/RLSA-2026:13672"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:13902 vom 2026-05-06",
"url": "https://access.redhat.com/errata/RHSA-2026:13902"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-13916 vom 2026-05-07",
"url": "http://linux.oracle.com/errata/ELSA-2026-13916.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:13902 vom 2026-05-07",
"url": "https://errata.build.resf.org/RLSA-2026:13902"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:14020 vom 2026-05-06",
"url": "https://access.redhat.com/errata/RHSA-2026:14020"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-13917 vom 2026-05-07",
"url": "http://linux.oracle.com/errata/ELSA-2026-13917.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-85B819B928 vom 2026-05-08",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-85b819b928"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:13916 vom 2026-05-07",
"url": "https://errata.build.resf.org/RLSA-2026:13916"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:14873 vom 2026-05-07",
"url": "https://access.redhat.com/errata/RHSA-2026:14873"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:14874 vom 2026-05-07",
"url": "https://access.redhat.com/errata/RHSA-2026:14874"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-13902 vom 2026-05-07",
"url": "https://linux.oracle.com/errata/ELSA-2026-13902.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-301CBBE347 vom 2026-05-08",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-301cbbe347"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-793B55138D vom 2026-05-08",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-793b55138d"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:13917 vom 2026-05-07",
"url": "https://errata.build.resf.org/RLSA-2026:13917"
},
{
"category": "external",
"summary": "HCL Security Bulletin",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0130587"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4579 vom 2026-05-11",
"url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00023.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:16535 vom 2026-05-13",
"url": "https://access.redhat.com/errata/RHSA-2026:16535"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:15091 vom 2026-05-13",
"url": "https://access.redhat.com/errata/RHSA-2026:15091"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:14774 vom 2026-05-13",
"url": "https://access.redhat.com/errata/RHSA-2026:14774"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:17083 vom 2026-05-13",
"url": "https://access.redhat.com/errata/RHSA-2026:17083"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:16874 vom 2026-05-13",
"url": "https://access.redhat.com/errata/RHSA-2026:16874"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7273312 vom 2026-05-18",
"url": "https://www.ibm.com/support/pages/node/7273312"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19138 vom 2026-05-19",
"url": "https://access.redhat.com/errata/RHSA-2026:19138"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19355 vom 2026-05-20",
"url": "https://access.redhat.com/errata/RHSA-2026:19355"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19375 vom 2026-05-20",
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19712 vom 2026-05-21",
"url": "https://access.redhat.com/errata/RHSA-2026:19712"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:20588 vom 2026-05-26",
"url": "https://access.redhat.com/errata/RHSA-2026:20588"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:21431 vom 2026-05-28",
"url": "https://access.redhat.com/errata/RHSA-2026:21431"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:21517 vom 2026-05-28",
"url": "https://access.redhat.com/errata/RHSA-2026:21517"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:22131 vom 2026-06-01",
"url": "https://access.redhat.com/errata/RHSA-2026:22131"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:22134 vom 2026-06-01",
"url": "https://access.redhat.com/errata/RHSA-2026:22134"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:22135 vom 2026-06-01",
"url": "https://access.redhat.com/errata/RHSA-2026:22135"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:22133 vom 2026-06-01",
"url": "https://access.redhat.com/errata/RHSA-2026:22133"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:22132 vom 2026-06-01",
"url": "https://access.redhat.com/errata/RHSA-2026:22132"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:22330 vom 2026-06-01",
"url": "https://access.redhat.com/errata/RHSA-2026:22330"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:22465 vom 2026-06-02",
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:22970 vom 2026-06-04",
"url": "https://access.redhat.com/errata/RHSA-2026:22970"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:22969 vom 2026-06-04",
"url": "https://access.redhat.com/errata/RHSA-2026:22969"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:22987 vom 2026-06-04",
"url": "https://access.redhat.com/errata/RHSA-2026:22987"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:24761 vom 2026-06-09",
"url": "https://access.redhat.com/errata/RHSA-2026:24761"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:24977 vom 2026-06-10",
"url": "https://access.redhat.com/errata/RHSA-2026:24977"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:24762 vom 2026-06-09",
"url": "https://access.redhat.com/errata/RHSA-2026:24762"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:25041 vom 2026-06-10",
"url": "https://access.redhat.com/errata/RHSA-2026:25041"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:26214 vom 2026-06-16",
"url": "https://access.redhat.com/errata/RHSA-2026:26214"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:26211 vom 2026-06-16",
"url": "https://access.redhat.com/errata/RHSA-2026:26211"
}
],
"source_lang": "en-US",
"title": "Red Hat Ansible Automation Platform: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-06-16T22:00:00.000+00:00",
"generator": {
"date": "2026-06-17T09:00:13.440+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-0935",
"initial_release_date": "2026-03-31T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-03-31T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-04-01T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat, Amazon und SUSE aufgenommen"
},
{
"date": "2026-04-12T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-04-14T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-04-16T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-04-23T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-04-28T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-04-29T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-03T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2026-05-04T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-05T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat und Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2026-05-06T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Oracle Linux, Rocky Enterprise Software Foundation und Red Hat aufgenommen"
},
{
"date": "2026-05-07T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Fedora, Rocky Enterprise Software Foundation, Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2026-05-10T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von HCL aufgenommen"
},
{
"date": "2026-05-11T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2026-05-12T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-14T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-18T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-05-19T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-20T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-25T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-27T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-31T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-01T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-02T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-04T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-08T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-09T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-16T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "29"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "WebUI",
"product": {
"name": "HCL BigFix WebUI",
"product_id": "T036098",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:webui"
}
}
}
],
"category": "product_name",
"name": "BigFix"
}
],
"category": "vendor",
"name": "HCL"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM App Connect Enterprise",
"product": {
"name": "IBM App Connect Enterprise",
"product_id": "T051349",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:-"
}
}
},
{
"category": "product_name",
"name": "IBM DB2",
"product": {
"name": "IBM DB2",
"product_id": "T048379",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.5",
"product": {
"name": "Red Hat Ansible Automation Platform 2.5",
"product_id": "10155A9C-C5B0-4BB2-ABA3-E04187E2E74F",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:2.5"
}
}
},
{
"category": "product_version",
"name": "2.6",
"product": {
"name": "Red Hat Ansible Automation Platform 2.6",
"product_id": "849D5C3D-731E-4D19-801F-338FD159A1BB",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:2.6"
}
}
},
{
"category": "product_version_range",
"name": "\u003c2.5",
"product": {
"name": "Red Hat Ansible Automation Platform \u003c2.5",
"product_id": "T052317"
}
},
{
"category": "product_version",
"name": "2.5",
"product": {
"name": "Red Hat Ansible Automation Platform 2.5",
"product_id": "T052317-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:2.5"
}
}
},
{
"category": "product_version_range",
"name": "\u003c2.6",
"product": {
"name": "Red Hat Ansible Automation Platform \u003c2.6",
"product_id": "T052318"
}
},
{
"category": "product_version",
"name": "2.6",
"product": {
"name": "Red Hat Ansible Automation Platform 2.6",
"product_id": "T052318-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:2.6"
}
}
}
],
"category": "product_name",
"name": "Ansible Automation Platform"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "10.0 Extended Update Support",
"product": {
"name": "Red Hat Enterprise Linux 10.0 Extended Update Support",
"product_id": "T054024",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.0_extended_update_support"
}
}
},
{
"category": "product_version",
"name": "8.8",
"product": {
"name": "Red Hat Enterprise Linux 8.8",
"product_id": "T054696",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8.8"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Container Platform \u003c4.15.64",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.15.64",
"product_id": "T054018"
}
},
{
"category": "product_version",
"name": "Container Platform 4.15.64",
"product": {
"name": "Red Hat OpenShift Container Platform 4.15.64",
"product_id": "T054018-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.15.64"
}
}
},
{
"category": "product_version",
"name": "Network Observability 1.11.2",
"product": {
"name": "Red Hat OpenShift Network Observability 1.11.2",
"product_id": "T054021",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:network_observability_1.11.2"
}
}
},
{
"category": "product_version",
"name": "Migration Toolkit for Containers",
"product": {
"name": "Red Hat OpenShift Migration Toolkit for Containers",
"product_id": "T055205",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:migration_toolkit_for_containers"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-69223",
"product_status": {
"known_affected": [
"T054024",
"849D5C3D-731E-4D19-801F-338FD159A1BB",
"T054021",
"67646",
"T054018",
"T004914",
"T036098",
"T055205",
"T032255",
"74185",
"T054696",
"2951",
"T002207",
"T051349",
"T052317",
"T052318",
"398363",
"10155A9C-C5B0-4BB2-ABA3-E04187E2E74F",
"T048379"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2025-69223"
},
{
"cve": "CVE-2025-69873",
"product_status": {
"known_affected": [
"T054024",
"849D5C3D-731E-4D19-801F-338FD159A1BB",
"T054021",
"67646",
"T054018",
"T004914",
"T036098",
"T055205",
"T032255",
"74185",
"T054696",
"2951",
"T002207",
"T051349",
"T052317",
"T052318",
"398363",
"10155A9C-C5B0-4BB2-ABA3-E04187E2E74F",
"T048379"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2025-69873"
},
{
"cve": "CVE-2026-25639",
"product_status": {
"known_affected": [
"T054024",
"849D5C3D-731E-4D19-801F-338FD159A1BB",
"T054021",
"67646",
"T054018",
"T004914",
"T036098",
"T055205",
"T032255",
"74185",
"T054696",
"2951",
"T002207",
"T051349",
"T052317",
"T052318",
"398363",
"10155A9C-C5B0-4BB2-ABA3-E04187E2E74F",
"T048379"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2026-25639"
},
{
"cve": "CVE-2026-25990",
"product_status": {
"known_affected": [
"T054024",
"849D5C3D-731E-4D19-801F-338FD159A1BB",
"T054021",
"67646",
"T054018",
"T004914",
"T036098",
"T055205",
"T032255",
"74185",
"T054696",
"2951",
"T002207",
"T051349",
"T052317",
"T052318",
"398363",
"10155A9C-C5B0-4BB2-ABA3-E04187E2E74F",
"T048379"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2026-25990"
},
{
"cve": "CVE-2026-29074",
"product_status": {
"known_affected": [
"T054024",
"849D5C3D-731E-4D19-801F-338FD159A1BB",
"T054021",
"67646",
"T054018",
"T004914",
"T036098",
"T055205",
"T032255",
"74185",
"T054696",
"2951",
"T002207",
"T051349",
"T052317",
"T052318",
"398363",
"10155A9C-C5B0-4BB2-ABA3-E04187E2E74F",
"T048379"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2026-29074"
},
{
"cve": "CVE-2026-30827",
"product_status": {
"known_affected": [
"T054024",
"849D5C3D-731E-4D19-801F-338FD159A1BB",
"T054021",
"67646",
"T054018",
"T004914",
"T036098",
"T055205",
"T032255",
"74185",
"T054696",
"2951",
"T002207",
"T051349",
"T052317",
"T052318",
"398363",
"10155A9C-C5B0-4BB2-ABA3-E04187E2E74F",
"T048379"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2026-30827"
},
{
"cve": "CVE-2026-30922",
"product_status": {
"known_affected": [
"T054024",
"849D5C3D-731E-4D19-801F-338FD159A1BB",
"T054021",
"67646",
"T054018",
"T004914",
"T036098",
"T055205",
"T032255",
"74185",
"T054696",
"2951",
"T002207",
"T051349",
"T052317",
"T052318",
"398363",
"10155A9C-C5B0-4BB2-ABA3-E04187E2E74F",
"T048379"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2026-30922"
},
{
"cve": "CVE-2026-26007",
"product_status": {
"known_affected": [
"T054024",
"849D5C3D-731E-4D19-801F-338FD159A1BB",
"T054021",
"67646",
"T054018",
"T004914",
"T036098",
"T055205",
"T032255",
"74185",
"T054696",
"2951",
"T002207",
"T051349",
"T052317",
"T052318",
"398363",
"10155A9C-C5B0-4BB2-ABA3-E04187E2E74F",
"T048379"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2026-26007"
},
{
"cve": "CVE-2026-1615",
"product_status": {
"known_affected": [
"T054024",
"849D5C3D-731E-4D19-801F-338FD159A1BB",
"T054021",
"67646",
"T054018",
"T004914",
"T036098",
"T055205",
"T032255",
"74185",
"T054696",
"2951",
"T002207",
"T051349",
"T052317",
"T052318",
"398363",
"10155A9C-C5B0-4BB2-ABA3-E04187E2E74F",
"T048379"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2026-1615"
},
{
"cve": "CVE-2026-28498",
"product_status": {
"known_affected": [
"T054024",
"849D5C3D-731E-4D19-801F-338FD159A1BB",
"T054021",
"67646",
"T054018",
"T004914",
"T036098",
"T055205",
"T032255",
"74185",
"T054696",
"2951",
"T002207",
"T051349",
"T052317",
"T052318",
"398363",
"10155A9C-C5B0-4BB2-ABA3-E04187E2E74F",
"T048379"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2026-28498"
},
{
"cve": "CVE-2026-28802",
"product_status": {
"known_affected": [
"T054024",
"849D5C3D-731E-4D19-801F-338FD159A1BB",
"T054021",
"67646",
"T054018",
"T004914",
"T036098",
"T055205",
"T032255",
"74185",
"T054696",
"2951",
"T002207",
"T051349",
"T052317",
"T052318",
"398363",
"10155A9C-C5B0-4BB2-ABA3-E04187E2E74F",
"T048379"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2026-28802"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.