Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-39892 (GCVE-0-2026-39892)
Vulnerability from cvelistv5 – Published: 2026-04-08 20:49 – Updated: 2026-04-09 19:52
VLAI?
EPSS
Title
cryptography has a buffer overflow if non-contiguous buffers were passed to APIs
Summary
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulnerability is fixed in 46.0.7.
Severity ?
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/pyca/cryptography/security/adv… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| pyca | cryptography |
Affected:
>= 45.0.0, < 46.0.7
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-04-08T21:16:07.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/04/08/12"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-39892",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-09T19:41:57.662246Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T19:52:22.602Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cryptography",
"vendor": "pyca",
"versions": [
{
"status": "affected",
"version": "\u003e= 45.0.0, \u003c 46.0.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulnerability is fixed in 46.0.7."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T20:49:41.967Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq"
}
],
"source": {
"advisory": "GHSA-p423-j2cm-9vmq",
"discovery": "UNKNOWN"
},
"title": "cryptography has a buffer overflow if non-contiguous buffers were passed to APIs"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-39892",
"datePublished": "2026-04-08T20:49:41.967Z",
"dateReserved": "2026-04-07T20:32:03.011Z",
"dateUpdated": "2026-04-09T19:52:22.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-39892",
"date": "2026-05-22",
"epss": "0.00023",
"percentile": "0.0687"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-39892\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-04-08T21:17:01.547\",\"lastModified\":\"2026-04-15T16:12:39.677\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulnerability is fixed in 46.0.7.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cryptography.io:cryptography:*:*:*:*:*:python:*:*\",\"versionStartIncluding\":\"45.0.0\",\"versionEndExcluding\":\"46.0.7\",\"matchCriteriaId\":\"95681E8C-FDEC-4D88-BACE-6F47FB12D339\"}]}]}],\"references\":[{\"url\":\"https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2026/04/08/12\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Release Notes\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"title\": \"cryptography has a buffer overflow if non-contiguous buffers were passed to APIs\", \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-119\", \"lang\": \"en\", \"description\": \"CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer\", \"type\": \"CWE\"}]}], \"metrics\": [{\"cvssV4_0\": {\"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"LOW\", \"subConfidentialityImpact\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"baseScore\": 6.9, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N\", \"version\": \"4.0\"}}], \"references\": [{\"name\": \"https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq\", \"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq\"}], \"affected\": [{\"vendor\": \"pyca\", \"product\": \"cryptography\", \"versions\": [{\"version\": \"\u003e= 45.0.0, \u003c 46.0.7\", \"status\": \"affected\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-04-08T20:49:41.967Z\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulnerability is fixed in 46.0.7.\"}], \"source\": {\"advisory\": \"GHSA-p423-j2cm-9vmq\", \"discovery\": \"UNKNOWN\"}}, \"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2026/04/08/12\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2026-04-08T21:16:07.164Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-39892\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-09T19:41:57.662246Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-09T19:42:59.572Z\"}}]}",
"cveMetadata": "{\"cveId\": \"CVE-2026-39892\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"GitHub_M\", \"dateReserved\": \"2026-04-07T20:32:03.011Z\", \"datePublished\": \"2026-04-08T20:49:41.967Z\", \"dateUpdated\": \"2026-04-09T19:52:22.602Z\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2026-AVI-0550
Vulnerability from certfr_avis - Published: 2026-05-07 - Updated: 2026-05-07
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | AIX | AIX 7.2 et 7.3 sans le correctif 301610mc.260424.epkg.Z | ||
| IBM | Sterling | IBM Sterling Transformation Extender versions 11.0.0.0 sans le correctif PH71092 | ||
| IBM | Sterling | IBM Sterling Transformation Extender versions 10.1.0.3 sans le correctif PH71092 | ||
| IBM | QRadar | SOAR QRadar Plugin App versions antérieures à 5.6.4 | ||
| IBM | QRadar | QRadar AI Assistant versions antérieures à 1.5.0 | ||
| IBM | Sterling | IBM Sterling Transformation Extender versions 10.1.1.2 sans le correctif PH71092 | ||
| IBM | Sterling | IBM Sterling Transformation Extender versions 10.1.2.2 sans le correctif PH71092 | ||
| IBM | VIOS | VIOS 4.1 sans le correctif 301610mc.260424.epkg.Z |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "AIX 7.2 et 7.3 sans le correctif 301610mc.260424.epkg.Z",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Transformation Extender versions 11.0.0.0 sans le correctif PH71092",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Transformation Extender versions 10.1.0.3 sans le correctif PH71092",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "SOAR QRadar Plugin App versions ant\u00e9rieures \u00e0 5.6.4",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar AI Assistant versions ant\u00e9rieures \u00e0 1.5.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Transformation Extender versions 10.1.1.2 sans le correctif PH71092",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Transformation Extender versions 10.1.2.2 sans le correctif PH71092",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "VIOS 4.1 sans le correctif 301610mc.260424.epkg.Z",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-40087",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40087"
},
{
"name": "CVE-2026-39892",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39892"
},
{
"name": "CVE-2026-33123",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33123"
},
{
"name": "CVE-2026-22013",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22013"
},
{
"name": "CVE-2026-22018",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22018"
},
{
"name": "CVE-2026-34073",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34073"
},
{
"name": "CVE-2021-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
},
{
"name": "CVE-2025-62718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
},
{
"name": "CVE-2026-25645",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25645"
},
{
"name": "CVE-2026-4800",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4800"
},
{
"name": "CVE-2026-0540",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0540"
},
{
"name": "CVE-2026-28389",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28389"
},
{
"name": "CVE-2026-33671",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33671"
},
{
"name": "CVE-2026-34515",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34515"
},
{
"name": "CVE-2026-34519",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34519"
},
{
"name": "CVE-2026-40175",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40175"
},
{
"name": "CVE-2026-34518",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34518"
},
{
"name": "CVE-2026-34525",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34525"
},
{
"name": "CVE-2026-28387",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28387"
},
{
"name": "CVE-2026-28388",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28388"
},
{
"name": "CVE-2026-4539",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4539"
},
{
"name": "CVE-2026-2950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2950"
},
{
"name": "CVE-2026-22016",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22016"
},
{
"name": "CVE-2026-22021",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22021"
},
{
"name": "CVE-2026-22007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22007"
},
{
"name": "CVE-2026-27124",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27124"
},
{
"name": "CVE-2026-34268",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34268"
},
{
"name": "CVE-2026-28390",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28390"
},
{
"name": "CVE-2026-33672",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33672"
},
{
"name": "CVE-2026-27459",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27459"
},
{
"name": "CVE-2026-34516",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34516"
},
{
"name": "CVE-2026-27448",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27448"
},
{
"name": "CVE-2026-31789",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31789"
},
{
"name": "CVE-2026-34517",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34517"
},
{
"name": "CVE-2026-32871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32871"
},
{
"name": "CVE-2026-34513",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34513"
},
{
"name": "CVE-2026-34514",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34514"
},
{
"name": "CVE-2026-34520",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34520"
},
{
"name": "CVE-2025-64340",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64340"
},
{
"name": "CVE-2026-28804",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28804"
},
{
"name": "CVE-2026-29063",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29063"
},
{
"name": "CVE-2026-22815",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22815"
},
{
"name": "CVE-2025-13465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
},
{
"name": "CVE-2025-67221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67221"
},
{
"name": "CVE-2026-25547",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25547"
},
{
"name": "CVE-2026-31790",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31790"
},
{
"name": "CVE-2026-34070",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34070"
}
],
"initial_release_date": "2026-05-07T00:00:00",
"last_revision_date": "2026-05-07T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0550",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-05-07T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2026-05-05",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7271707",
"url": "https://www.ibm.com/support/pages/node/7271707"
},
{
"published_at": "2026-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7271922",
"url": "https://www.ibm.com/support/pages/node/7271922"
},
{
"published_at": "2026-05-04",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7271681",
"url": "https://www.ibm.com/support/pages/node/7271681"
},
{
"published_at": "2026-05-05",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7271765",
"url": "https://www.ibm.com/support/pages/node/7271765"
}
]
}
CERTFR-2026-AVI-0556
Vulnerability from certfr_avis - Published: 2026-05-11 - Updated: 2026-05-11
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu | Tanzu RabbitMQ on Kubernetes versions 31.3.x antérieures à 3.13.15 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Streaming Server For Kubernetes versions antérieures à 1.3.0 | ||
| VMware | Tanzu | Tanzu Data Flow on Kubernetes versions antérieures à 2.1.0 | ||
| VMware | Tanzu | Tanzu RabbitMQ on Kubernetes versions 4.0.x antérieures à 4.0.20 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Backup and Restore versions antérieures à1.33.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Data Copy Utility versions antérieures à 2.9.3 | ||
| VMware | Tanzu | Tanzu for Valkey on Kubernetes versions antérieures à 3.3.4 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Command Center versions 6.17.x antérieures à 6.17.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum on Kubernetes versions antérieures à 1.1.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Platform Extension Framework versions antérieures à 8.0.0 | ||
| VMware | Tanzu | Tanzu RabbitMQ on Kubernetes versions 4.2.x antérieures à 4.2.6 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Text versions antérieures à 4.0.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Streaming Server versions antérieures à 2.3.0 | ||
| VMware | Tanzu | Tanzu RabbitMQ on Kubernetes versions 4.3.x antérieures à 4.3.0 | ||
| VMware | Tanzu | Tanzu for Valkey on Kubernetes versions antérieures à 3.4.0 | ||
| VMware | Tanzu Gemfire | Tanzu GemFire versions antérieures à 10.2.3 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Upgrade versions antérieures à 2.0.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplumversions antérieures à 7.8.0 | ||
| VMware | Tanzu Gemfire | Tanzu GemFire Vector Database versions antérieures à 1.2.2 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum versions antérieures à 6.33.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Command Center versions 7.7.x antérieures à 7.7.0 | ||
| VMware | Tanzu | Tanzu RabbitMQ on Kubernetes versions 4.1.x antérieures à 4.1.11 | ||
| VMware | Tanzu | Tanzu for MySQL on Kubernetes versions antérieures à 2.0.3 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu RabbitMQ on Kubernetes versions 31.3.x ant\u00e9rieures \u00e0 3.13.15",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Streaming Server For Kubernetes versions ant\u00e9rieures \u00e0 1.3.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Data Flow on Kubernetes versions ant\u00e9rieures \u00e0 2.1.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ on Kubernetes versions 4.0.x ant\u00e9rieures \u00e0 4.0.20",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Backup and Restore versions ant\u00e9rieures \u00e01.33.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Data Copy Utility versions ant\u00e9rieures \u00e0 2.9.3",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu for Valkey on Kubernetes versions ant\u00e9rieures \u00e0 3.3.4",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Command Center versions 6.17.x ant\u00e9rieures \u00e0 6.17.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum on Kubernetes versions ant\u00e9rieures \u00e0 1.1.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Platform Extension Framework versions ant\u00e9rieures \u00e0 8.0.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ on Kubernetes versions 4.2.x ant\u00e9rieures \u00e0 4.2.6",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Text versions ant\u00e9rieures \u00e0 4.0.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Streaming Server versions ant\u00e9rieures \u00e0 2.3.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ on Kubernetes versions 4.3.x ant\u00e9rieures \u00e0 4.3.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu for Valkey on Kubernetes versions ant\u00e9rieures \u00e0 3.4.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": " Tanzu GemFire versions ant\u00e9rieures \u00e0 10.2.3",
"product": {
"name": "Tanzu Gemfire",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Upgrade versions ant\u00e9rieures \u00e0 2.0.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplumversions ant\u00e9rieures \u00e0 7.8.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu GemFire Vector Database versions ant\u00e9rieures \u00e0 1.2.2",
"product": {
"name": "Tanzu Gemfire",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum versions ant\u00e9rieures \u00e0 6.33.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Command Center versions 7.7.x ant\u00e9rieures \u00e0 7.7.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ on Kubernetes versions 4.1.x ant\u00e9rieures \u00e0 4.1.11",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu for MySQL on Kubernetes versions ant\u00e9rieures \u00e0 2.0.3\n",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-8715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8715"
},
{
"name": "CVE-2025-30681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30681"
},
{
"name": "CVE-2018-19361",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19361"
},
{
"name": "CVE-2019-12384",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12384"
},
{
"name": "CVE-2025-69534",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69534"
},
{
"name": "CVE-2025-61730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61730"
},
{
"name": "CVE-2026-27135",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27135"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2025-3264",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3264"
},
{
"name": "CVE-2018-19362",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19362"
},
{
"name": "CVE-2025-15282",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15282"
},
{
"name": "CVE-2026-33871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33871"
},
{
"name": "CVE-2026-22737",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22737"
},
{
"name": "CVE-2020-26939",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26939"
},
{
"name": "CVE-2021-29425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
},
{
"name": "CVE-2025-53042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53042"
},
{
"name": "CVE-2026-4878",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4878"
},
{
"name": "CVE-2026-35238",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35238"
},
{
"name": "CVE-2025-30689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30689"
},
{
"name": "CVE-2026-27205",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27205"
},
{
"name": "CVE-2025-9231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9231"
},
{
"name": "CVE-2025-30715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30715"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2025-30682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30682"
},
{
"name": "CVE-2026-32990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32990"
},
{
"name": "CVE-2022-30973",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30973"
},
{
"name": "CVE-2025-50102",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50102"
},
{
"name": "CVE-2026-1669",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1669"
},
{
"name": "CVE-2026-39892",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39892"
},
{
"name": "CVE-2023-33201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
},
{
"name": "CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"name": "CVE-2021-27906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27906"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2018-14719",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
},
{
"name": "CVE-2026-34267",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34267"
},
{
"name": "CVE-2023-50386",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50386"
},
{
"name": "CVE-2026-21936",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21936"
},
{
"name": "CVE-2026-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21937"
},
{
"name": "CVE-2025-66614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66614"
},
{
"name": "CVE-2020-15250",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15250"
},
{
"name": "CVE-2016-1000341",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000341"
},
{
"name": "CVE-2026-32286",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32286"
},
{
"name": "CVE-2025-50100",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50100"
},
{
"name": "CVE-2020-9546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
},
{
"name": "CVE-2020-13956",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13956"
},
{
"name": "CVE-2026-35239",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35239"
},
{
"name": "CVE-2026-3497",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3497"
},
{
"name": "CVE-2025-53062",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53062"
},
{
"name": "CVE-2026-25990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25990"
},
{
"name": "CVE-2026-32288",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32288"
},
{
"name": "CVE-2021-36373",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36373"
},
{
"name": "CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2025-12084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12084"
},
{
"name": "CVE-2020-35728",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35728"
},
{
"name": "CVE-2026-0897",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0897"
},
{
"name": "CVE-2025-5197",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5197"
},
{
"name": "CVE-2026-34271",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34271"
},
{
"name": "CVE-2019-10094",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10094"
},
{
"name": "CVE-2026-24308",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24308"
},
{
"name": "CVE-2025-11468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11468"
},
{
"name": "CVE-2025-30703",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30703"
},
{
"name": "CVE-2020-36181",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
},
{
"name": "CVE-2020-9548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
},
{
"name": "CVE-2026-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3446"
},
{
"name": "CVE-2026-32875",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32875"
},
{
"name": "CVE-2020-36182",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2016-1000343",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000343"
},
{
"name": "CVE-2020-24616",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
},
{
"name": "CVE-2020-10683",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10683"
},
{
"name": "CVE-2022-24613",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24613"
},
{
"name": "CVE-2025-50080",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50080"
},
{
"name": "CVE-2025-6075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6075"
},
{
"name": "CVE-2026-27456",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27456"
},
{
"name": "CVE-2026-22701",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22701"
},
{
"name": "CVE-2026-34270",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34270"
},
{
"name": "CVE-2026-34303",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34303"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2025-2953",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2953"
},
{
"name": "CVE-2020-36185",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
},
{
"name": "CVE-2025-50078",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50078"
},
{
"name": "CVE-2025-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3933"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2025-61731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61731"
},
{
"name": "CVE-2018-8036",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8036"
},
{
"name": "CVE-2023-36632",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
},
{
"name": "CVE-2022-26612",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26612"
},
{
"name": "CVE-2022-36364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36364"
},
{
"name": "CVE-2026-27143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27143"
},
{
"name": "CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"name": "CVE-2025-30696",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30696"
},
{
"name": "CVE-2026-22009",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22009"
},
{
"name": "CVE-2018-1320",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1320"
},
{
"name": "CVE-2025-13837",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13837"
},
{
"name": "CVE-2020-9547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
},
{
"name": "CVE-2026-29145",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29145"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2025-49128",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49128"
},
{
"name": "CVE-2026-21998",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21998"
},
{
"name": "CVE-2019-17558",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17558"
},
{
"name": "CVE-2020-36179",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
},
{
"name": "CVE-2026-35469",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35469"
},
{
"name": "CVE-2020-13955",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13955"
},
{
"name": "CVE-2018-14718",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
},
{
"name": "CVE-2020-10650",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10650"
},
{
"name": "CVE-2025-21584",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21584"
},
{
"name": "CVE-2025-66516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66516"
},
{
"name": "CVE-2025-15367",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15367"
},
{
"name": "CVE-2016-1000346",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000346"
},
{
"name": "CVE-2020-36186",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
},
{
"name": "CVE-2020-36189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
},
{
"name": "CVE-2025-9820",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9820"
},
{
"name": "CVE-2026-2006",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2006"
},
{
"name": "CVE-2020-35490",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
},
{
"name": "CVE-2026-35236",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35236"
},
{
"name": "CVE-2026-33870",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33870"
},
{
"name": "CVE-2020-13936",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13936"
},
{
"name": "CVE-2025-50085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50085"
},
{
"name": "CVE-2021-20190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
},
{
"name": "CVE-2021-35516",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35516"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2018-19360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19360"
},
{
"name": "CVE-2023-33202",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33202"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2024-13009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
},
{
"name": "CVE-2026-5121",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5121"
},
{
"name": "CVE-2024-12798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2026-35237",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35237"
},
{
"name": "CVE-2014-0114",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0114"
},
{
"name": "CVE-2026-33236",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33236"
},
{
"name": "CVE-2022-32287",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32287"
},
{
"name": "CVE-2026-2005",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2005"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2016-1000345",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000345"
},
{
"name": "CVE-2026-24051",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24051"
},
{
"name": "CVE-2022-39135",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39135"
},
{
"name": "CVE-2025-33042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33042"
},
{
"name": "CVE-2026-34073",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34073"
},
{
"name": "CVE-2026-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27144"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2026-22017",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22017"
},
{
"name": "CVE-2022-26336",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26336"
},
{
"name": "CVE-2024-21244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21244"
},
{
"name": "CVE-2026-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
},
{
"name": "CVE-2025-30683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30683"
},
{
"name": "CVE-2025-30699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30699"
},
{
"name": "CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"name": "CVE-2018-1338",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1338"
},
{
"name": "CVE-2025-61727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
},
{
"name": "CVE-2023-50298",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50298"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2021-29262",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29262"
},
{
"name": "CVE-2020-11113",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11113"
},
{
"name": "CVE-2024-21503",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21503"
},
{
"name": "CVE-2016-1000338",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000338"
},
{
"name": "CVE-2026-0861",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0861"
},
{
"name": "CVE-2026-1703",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1703"
},
{
"name": "CVE-2026-25645",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25645"
},
{
"name": "CVE-2026-21860",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21860"
},
{
"name": "CVE-2026-3479",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3479"
},
{
"name": "CVE-2024-52012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52012"
},
{
"name": "CVE-2021-35517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35517"
},
{
"name": "CVE-2025-50098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50098"
},
{
"name": "CVE-2026-39883",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39883"
},
{
"name": "CVE-2026-4424",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4424"
},
{
"name": "CVE-2019-10088",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10088"
},
{
"name": "CVE-2025-50086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50086"
},
{
"name": "CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"name": "CVE-2026-1839",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1839"
},
{
"name": "CVE-2026-27142",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27142"
},
{
"name": "CVE-2026-34515",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34515"
},
{
"name": "CVE-2026-5598",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5598"
},
{
"name": "CVE-2026-34519",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34519"
},
{
"name": "CVE-2018-11797",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11797"
},
{
"name": "CVE-2026-22022",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22022"
},
{
"name": "CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"name": "CVE-2026-34304",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34304"
},
{
"name": "CVE-2025-50082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50082"
},
{
"name": "CVE-2024-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23454"
},
{
"name": "CVE-2025-50097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50097"
},
{
"name": "CVE-2026-30922",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-30922"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"name": "CVE-2024-21742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21742"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2025-50084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50084"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2025-50079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50079"
},
{
"name": "CVE-2025-1795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
},
{
"name": "CVE-2019-14439",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2021-37533",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37533"
},
{
"name": "CVE-2025-21574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21574"
},
{
"name": "CVE-2018-8017",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8017"
},
{
"name": "CVE-2020-10969",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10969"
},
{
"name": "CVE-2024-8184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
},
{
"name": "CVE-2026-21948",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21948"
},
{
"name": "CVE-2025-11143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11143"
},
{
"name": "CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"name": "CVE-2025-21580",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21580"
},
{
"name": "CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"name": "CVE-2025-53023",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53023"
},
{
"name": "CVE-2025-21575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21575"
},
{
"name": "CVE-2020-36187",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2017-15691",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15691"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2025-21577",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21577"
},
{
"name": "CVE-2022-38749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
},
{
"name": "CVE-2026-22002",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22002"
},
{
"name": "CVE-2021-36090",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36090"
},
{
"name": "CVE-2026-34518",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34518"
},
{
"name": "CVE-2025-68161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
},
{
"name": "CVE-2016-1000342",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000342"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"name": "CVE-2018-17197",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17197"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2025-62813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62813"
},
{
"name": "CVE-2020-11620",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
},
{
"name": "CVE-2024-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
},
{
"name": "CVE-2024-5642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
},
{
"name": "CVE-2026-34308",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34308"
},
{
"name": "CVE-2016-1000339",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000339"
},
{
"name": "CVE-2018-12022",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12022"
},
{
"name": "CVE-2026-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3219"
},
{
"name": "CVE-2025-50096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50096"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2023-50291",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50291"
},
{
"name": "CVE-2018-5968",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5968"
},
{
"name": "CVE-2025-61732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61732"
},
{
"name": "CVE-2025-21499",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21499"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2024-6763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
},
{
"name": "CVE-2026-27199",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27199"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2020-1945",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1945"
},
{
"name": "CVE-2025-30705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30705"
},
{
"name": "CVE-2021-23926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23926"
},
{
"name": "CVE-2026-21964",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21964"
},
{
"name": "CVE-2025-8713",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8713"
},
{
"name": "CVE-2025-50088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50088"
},
{
"name": "CVE-2026-22731",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22731"
},
{
"name": "CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"name": "CVE-2025-68146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68146"
},
{
"name": "CVE-2020-24750",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
},
{
"name": "CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"name": "CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"name": "CVE-2025-3730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3730"
},
{
"name": "CVE-2025-13836",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13836"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2026-34525",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34525"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2026-22732",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22732"
},
{
"name": "CVE-2025-50077",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50077"
},
{
"name": "CVE-2020-9492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9492"
},
{
"name": "CVE-2025-54988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54988"
},
{
"name": "CVE-2026-32274",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32274"
},
{
"name": "CVE-2026-40192",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40192"
},
{
"name": "CVE-2026-35240",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35240"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2026-22004",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22004"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2018-1324",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1324"
},
{
"name": "CVE-2025-10158",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10158"
},
{
"name": "CVE-2025-50092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50092"
},
{
"name": "CVE-2025-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50099"
},
{
"name": "CVE-2026-22001",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22001"
},
{
"name": "CVE-2026-32874",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32874"
},
{
"name": "CVE-2025-3263",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3263"
},
{
"name": "CVE-2025-12818",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12818"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2026-4539",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4539"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2021-31812",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31812"
},
{
"name": "CVE-2026-4519",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4519"
},
{
"name": "CVE-2025-15366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15366"
},
{
"name": "CVE-2025-13462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13462"
},
{
"name": "CVE-2025-30684",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30684"
},
{
"name": "CVE-2026-32289",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32289"
},
{
"name": "CVE-2026-0865",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0865"
},
{
"name": "CVE-2021-37404",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37404"
},
{
"name": "CVE-2024-9143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
},
{
"name": "CVE-2025-66221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66221"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2025-6051",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6051"
},
{
"name": "CVE-2026-4111",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4111"
},
{
"name": "CVE-2025-50093",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50093"
},
{
"name": "CVE-2025-53069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53069"
},
{
"name": "CVE-2024-28085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28085"
},
{
"name": "CVE-2025-66034",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66034"
},
{
"name": "CVE-2019-20330",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
},
{
"name": "CVE-2020-14195",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
},
{
"name": "CVE-2025-21579",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21579"
},
{
"name": "CVE-2018-10237",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10237"
},
{
"name": "CVE-2019-12814",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12814"
},
{
"name": "CVE-2020-35491",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2025-53044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53044"
},
{
"name": "CVE-2026-3298",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3298"
},
{
"name": "CVE-2026-6100",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6100"
},
{
"name": "CVE-2026-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21968"
},
{
"name": "CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"name": "CVE-2025-50087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50087"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2024-21232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21232"
},
{
"name": "CVE-2020-14061",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
},
{
"name": "CVE-2024-9823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9823"
},
{
"name": "CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2026-4224",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4224"
},
{
"name": "CVE-2021-22569",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
},
{
"name": "CVE-2025-8714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8714"
},
{
"name": "CVE-2020-11619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
},
{
"name": "CVE-2019-12415",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12415"
},
{
"name": "CVE-2025-8869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8869"
},
{
"name": "CVE-2020-36183",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
},
{
"name": "CVE-2026-25854",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25854"
},
{
"name": "CVE-2026-22015",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22015"
},
{
"name": "CVE-2025-12817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12817"
},
{
"name": "CVE-2021-22573",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22573"
},
{
"name": "CVE-2026-23949",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23949"
},
{
"name": "CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"name": "CVE-2026-1519",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1519"
},
{
"name": "CVE-2026-2332",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2332"
},
{
"name": "CVE-2025-31672",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31672"
},
{
"name": "CVE-2018-11761",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11761"
},
{
"name": "CVE-2025-30721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30721"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2018-11771",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11771"
},
{
"name": "CVE-2025-50091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50091"
},
{
"name": "CVE-2018-1335",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1335"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2026-0915",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0915"
},
{
"name": "CVE-2025-15281",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15281"
},
{
"name": "CVE-2025-21493",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21493"
},
{
"name": "CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"name": "CVE-2018-11762",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11762"
},
{
"name": "CVE-2020-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2026-22733",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22733"
},
{
"name": "CVE-2026-2297",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2297"
},
{
"name": "CVE-2025-58181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
},
{
"name": "CVE-2025-53054",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53054"
},
{
"name": "CVE-2020-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
},
{
"name": "CVE-2025-47914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
},
{
"name": "CVE-2026-22005",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22005"
},
{
"name": "CVE-2025-4516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"name": "CVE-2016-1000340",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000340"
},
{
"name": "CVE-2026-34516",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34516"
},
{
"name": "CVE-2026-1299",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1299"
},
{
"name": "CVE-2020-36180",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
},
{
"name": "CVE-2018-12023",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12023"
},
{
"name": "CVE-2026-3644",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3644"
},
{
"name": "CVE-2026-27140",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27140"
},
{
"name": "CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"name": "CVE-2022-38751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
},
{
"name": "CVE-2025-50104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50104"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2018-14720",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14720"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2026-29129",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29129"
},
{
"name": "CVE-2022-31159",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31159"
},
{
"name": "CVE-2026-22735",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22735"
},
{
"name": "CVE-2026-34517",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34517"
},
{
"name": "CVE-2025-30687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30687"
},
{
"name": "CVE-2020-15522",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15522"
},
{
"name": "CVE-2025-50101",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50101"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2018-1339",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1339"
},
{
"name": "CVE-2016-1000352",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000352"
},
{
"name": "CVE-2026-27139",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27139"
},
{
"name": "CVE-2025-4207",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4207"
},
{
"name": "CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"name": "CVE-2025-14009",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14009"
},
{
"name": "CVE-2025-53040",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53040"
},
{
"name": "CVE-2017-15095",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15095"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2024-36114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
},
{
"name": "CVE-2019-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
},
{
"name": "CVE-2026-24049",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24049"
},
{
"name": "CVE-2018-14721",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14721"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2026-33810",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33810"
},
{
"name": "CVE-2022-38752",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
},
{
"name": "CVE-2026-34278",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34278"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2026-34513",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34513"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2026-2003",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2003"
},
{
"name": "CVE-2025-30704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30704"
},
{
"name": "CVE-2022-38750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
},
{
"name": "CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"name": "CVE-2026-34514",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34514"
},
{
"name": "CVE-2018-11307",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"name": "CVE-2025-53045",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53045"
},
{
"name": "CVE-2019-10086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10086"
},
{
"name": "CVE-2020-10968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10968"
},
{
"name": "CVE-2025-30693",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30693"
},
{
"name": "CVE-2025-2099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2099"
},
{
"name": "CVE-2025-1194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1194"
},
{
"name": "CVE-2025-6638",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6638"
},
{
"name": "CVE-2025-21585",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21585"
},
{
"name": "CVE-2025-14819",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14819"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2026-4786",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4786"
},
{
"name": "CVE-2020-25649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
},
{
"name": "CVE-2026-27141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27141"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"name": "CVE-2016-1000344",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000344"
},
{
"name": "CVE-2017-17485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
},
{
"name": "CVE-2025-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
},
{
"name": "CVE-2025-53864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
},
{
"name": "CVE-2017-3164",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3164"
},
{
"name": "CVE-2026-41066",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41066"
},
{
"name": "CVE-2026-34520",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34520"
},
{
"name": "CVE-2025-53053",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53053"
},
{
"name": "CVE-2025-59419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59419"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"name": "CVE-2026-24880",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24880"
},
{
"name": "CVE-2021-35515",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35515"
},
{
"name": "CVE-2026-33816",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33816"
},
{
"name": "CVE-2026-2004",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2004"
},
{
"name": "CVE-2026-0672",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0672"
},
{
"name": "CVE-2017-7669",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7669"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2025-21581",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21581"
},
{
"name": "CVE-2017-8806",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8806"
},
{
"name": "CVE-2025-41242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41242"
},
{
"name": "CVE-2019-0193",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0193"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2026-33231",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33231"
},
{
"name": "CVE-2022-30126",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30126"
},
{
"name": "CVE-2025-46392",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46392"
},
{
"name": "CVE-2020-11112",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11112"
},
{
"name": "CVE-2025-30685",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30685"
},
{
"name": "CVE-2018-1000180",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000180"
},
{
"name": "CVE-2025-6921",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6921"
},
{
"name": "CVE-2025-30695",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30695"
},
{
"name": "CVE-2025-30688",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30688"
},
{
"name": "CVE-2023-5752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5752"
},
{
"name": "CVE-2026-34276",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34276"
},
{
"name": "CVE-2022-24614",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24614"
},
{
"name": "CVE-2026-22815",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22815"
},
{
"name": "CVE-2020-13959",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13959"
},
{
"name": "CVE-2025-24814",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24814"
},
{
"name": "CVE-2020-11111",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11111"
},
{
"name": "CVE-2020-11979",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11979"
},
{
"name": "CVE-2025-67221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67221"
},
{
"name": "CVE-2024-21243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21243"
},
{
"name": "CVE-2026-33230",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33230"
},
{
"name": "CVE-2021-31811",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31811"
},
{
"name": "CVE-2021-27807",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27807"
},
{
"name": "CVE-2026-1225",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1225"
},
{
"name": "CVE-2026-24281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24281"
},
{
"name": "CVE-2026-1462",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1462"
},
{
"name": "CVE-2025-50083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50083"
},
{
"name": "CVE-2022-25168",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25168"
},
{
"name": "CVE-2026-34293",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34293"
},
{
"name": "CVE-2020-14060",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
},
{
"name": "CVE-2020-36188",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
},
{
"name": "CVE-2016-1000027",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
},
{
"name": "CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"name": "CVE-2018-11802",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11802"
},
{
"name": "CVE-2025-3777",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3777"
},
{
"name": "CVE-2025-14831",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14831"
},
{
"name": "CVE-2018-11796",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11796"
},
{
"name": "CVE-2020-13957",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13957"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"name": "CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"name": "CVE-2018-1000632",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000632"
},
{
"name": "CVE-2026-0846",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0846"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
},
{
"name": "CVE-2025-11226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
},
{
"name": "CVE-2020-14062",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
}
],
"initial_release_date": "2026-05-11T00:00:00",
"last_revision_date": "2026-05-11T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0556",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-05-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37451",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37451"
},
{
"published_at": "2026-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37445",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37445"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37460",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37460"
},
{
"published_at": "2026-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37449",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37449"
},
{
"published_at": "2026-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37450",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37450"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37466",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37466"
},
{
"published_at": "2026-05-08",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37468",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37468"
},
{
"published_at": "2026-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37444",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37444"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37461",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37461"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2016-11",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37459"
},
{
"published_at": "2026-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37446",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37446"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37465",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37465"
},
{
"published_at": "2026-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37448",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37448"
},
{
"published_at": "2026-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37447",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37447"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37463",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37463"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37452",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37452"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37462",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37462"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37464",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37464"
}
]
}
CERTFR-2026-AVI-0627
Vulnerability from certfr_avis - Published: 2026-05-21 - Updated: 2026-05-21
De multiples vulnérabilités ont été découvertes dans les produits Splunk. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Splunk | Splunk Enterprise | Splunk Enterprise versions 10.2.x antérieures à 10.2.3 | ||
| Splunk | N/A | Splunk AI Toolkit versions 5.7.x antérieures à 5.7.3 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 9.3.2411 antérieures à 9.3.2411.129 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.3.2512 antérieures à 10.3.2512.9 | ||
| Splunk | Splunk | image Docker Splunk versions 10.2.x antérieures à 10.2.2 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.4.2603 antérieures à 10.4.2603.1 | ||
| Splunk | Splunk AppDynamics Database Agent | Splunk AppDynamics Database Agent versions antérieures à 26.4.0 | ||
| Splunk | Splunk | image Docker Splunk versions 9.4.x antérieures à 9.4.10 | ||
| Splunk | Splunk User Behavior Analytics (UBA) | Splunk User Behavior Analytics versions 5.4.x antérieures à 5.4.5 | ||
| Splunk | Splunk AppDynamics Private Synthetic Agent | Splunk AppDynamics Private Synthetic Agent versions antérieures à 26.4.0 | ||
| Splunk | Splunk AppDynamics Analytics Agent | Splunk AppDynamics Analytics Agent versions antérieures à 26.4.0 | ||
| Splunk | N/A | Splunk AppDynamics Cluster Agent versions antérieures à 26.4.0 | ||
| Splunk | Splunk AppDynamics Machine Agent | Splunk AppDynamics Machine Agent versions antérieures à 26.4.0 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.2.2510 antérieures à 10.2.2510.11 | ||
| Splunk | N/A | Splunk AppDynamics Python Agent versions antérieures à 26.4.1 | ||
| Splunk | Splunk | image Docker Splunk versions 10.0.x antérieures à 10.0.5 | ||
| Splunk | N/A | Splunk Add-on for Tomcat versions 3.3.x antérieures à 3.3.1 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.1.2507 antérieures à 10.1.2507.21 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 10.0.x antérieures à 10.0.6 | ||
| Splunk | N/A | Splunk AppDynamics Apache Web Server Agent versions 25.11.x antérieures à 25.11.1 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.4.x antérieures à 9.4.11 | ||
| Splunk | Splunk | image Docker Splunk versions 9.3.x antérieures à 9.3.11 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.0.2503 antérieures à 10.0.2503.13 | ||
| Splunk | Universal Forwarder | Splunk Universal Forwarder versions 9.4.x antérieures à 9.4.11 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.3.x antérieures à 9.3.12 | ||
| Splunk | Splunk AppDynamics Java Agent | Splunk AppDynamics Java Agent versions antérieures à 26.4.0 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Splunk Enterprise versions 10.2.x ant\u00e9rieures \u00e0 10.2.3",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AI Toolkit versions 5.7.x ant\u00e9rieures \u00e0 5.7.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 9.3.2411 ant\u00e9rieures \u00e0 9.3.2411.129",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.3.2512 ant\u00e9rieures \u00e0 10.3.2512.9",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "image Docker Splunk versions 10.2.x ant\u00e9rieures \u00e0 10.2.2",
"product": {
"name": "Splunk",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.4.2603 ant\u00e9rieures \u00e0 10.4.2603.1",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Database Agent versions ant\u00e9rieures \u00e0 26.4.0",
"product": {
"name": "Splunk AppDynamics Database Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "image Docker Splunk versions 9.4.x ant\u00e9rieures \u00e0 9.4.10",
"product": {
"name": "Splunk",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk User Behavior Analytics versions 5.4.x ant\u00e9rieures \u00e0 5.4.5",
"product": {
"name": "Splunk User Behavior Analytics (UBA)",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Private Synthetic Agent versions ant\u00e9rieures \u00e0 26.4.0",
"product": {
"name": "Splunk AppDynamics Private Synthetic Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Analytics Agent versions ant\u00e9rieures \u00e0 26.4.0",
"product": {
"name": "Splunk AppDynamics Analytics Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Cluster Agent versions ant\u00e9rieures \u00e0 26.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Machine Agent versions ant\u00e9rieures \u00e0 26.4.0",
"product": {
"name": "Splunk AppDynamics Machine Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.2.2510 ant\u00e9rieures \u00e0 10.2.2510.11",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Python Agent versions ant\u00e9rieures \u00e0 26.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "image Docker Splunk versions 10.0.x ant\u00e9rieures \u00e0 10.0.5",
"product": {
"name": "Splunk",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Add-on for Tomcat versions 3.3.x ant\u00e9rieures \u00e0 3.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.1.2507 ant\u00e9rieures \u00e0 10.1.2507.21",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 10.0.x ant\u00e9rieures \u00e0 10.0.6",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Apache Web Server Agent versions 25.11.x ant\u00e9rieures \u00e0 25.11.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.4.x ant\u00e9rieures \u00e0 9.4.11",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "image Docker Splunk versions 9.3.x ant\u00e9rieures \u00e0 9.3.11",
"product": {
"name": "Splunk",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.0.2503 ant\u00e9rieures \u00e0 10.0.2503.13",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Universal Forwarder versions 9.4.x ant\u00e9rieures \u00e0 9.4.11",
"product": {
"name": "Universal Forwarder",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.3.x ant\u00e9rieures \u00e0 9.3.12",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Java Agent versions ant\u00e9rieures \u00e0 26.4.0",
"product": {
"name": "Splunk AppDynamics Java Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-26007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26007"
},
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2025-58436",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58436"
},
{
"name": "CVE-2018-19361",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19361"
},
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2026-32777",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32777"
},
{
"name": "CVE-2025-61730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61730"
},
{
"name": "CVE-2024-5321",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5321"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2026-41324",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41324"
},
{
"name": "CVE-2024-1597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1597"
},
{
"name": "CVE-2026-42308",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42308"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2026-21933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
},
{
"name": "CVE-2025-29775",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29775"
},
{
"name": "CVE-2026-3543",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3543"
},
{
"name": "CVE-2026-21932",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
},
{
"name": "CVE-2018-19362",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19362"
},
{
"name": "CVE-2025-66199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66199"
},
{
"name": "CVE-2025-15282",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15282"
},
{
"name": "CVE-2026-33871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33871"
},
{
"name": "CVE-2026-22737",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22737"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2025-68384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68384"
},
{
"name": "CVE-2024-9681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
},
{
"name": "CVE-2025-58190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58190"
},
{
"name": "CVE-2025-68973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68973"
},
{
"name": "CVE-2026-21637",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21637"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2026-22801",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22801"
},
{
"name": "CVE-2026-42309",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42309"
},
{
"name": "CVE-2023-49082",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49082"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2026-39892",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39892"
},
{
"name": "CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"name": "CVE-2018-14719",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-29774",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29774"
},
{
"name": "CVE-2025-28164",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-28164"
},
{
"name": "CVE-2026-3540",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3540"
},
{
"name": "CVE-2024-10220",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10220"
},
{
"name": "CVE-2024-45339",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45339"
},
{
"name": "CVE-2020-9546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
},
{
"name": "CVE-2025-46762",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46762"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2025-68156",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68156"
},
{
"name": "CVE-2026-25990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25990"
},
{
"name": "CVE-2026-32288",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32288"
},
{
"name": "CVE-2022-45868",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45868"
},
{
"name": "CVE-2025-69223",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69223"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2025-30065",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30065"
},
{
"name": "CVE-2025-12084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12084"
},
{
"name": "CVE-2024-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12086"
},
{
"name": "CVE-2024-25638",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25638"
},
{
"name": "CVE-2025-49146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49146"
},
{
"name": "CVE-2026-34876",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34876"
},
{
"name": "CVE-2025-4432",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4432"
},
{
"name": "CVE-2023-5590",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5590"
},
{
"name": "CVE-2025-11468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11468"
},
{
"name": "CVE-2020-36181",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
},
{
"name": "CVE-2020-9548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
},
{
"name": "CVE-2020-36182",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2020-24616",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
},
{
"name": "CVE-2025-69419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
},
{
"name": "CVE-2025-6075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6075"
},
{
"name": "CVE-2026-27456",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27456"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2025-58060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58060"
},
{
"name": "CVE-2020-36185",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
},
{
"name": "CVE-2023-50782",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50782"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2025-61731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61731"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2026-1605",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1605"
},
{
"name": "CVE-2022-25647",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2026-27143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27143"
},
{
"name": "CVE-2024-47561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
},
{
"name": "CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"name": "CVE-2026-3061",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3061"
},
{
"name": "CVE-2026-27171",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27171"
},
{
"name": "CVE-2020-9547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
},
{
"name": "CVE-2026-3731",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3731"
},
{
"name": "CVE-2020-36179",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
},
{
"name": "CVE-2026-35469",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35469"
},
{
"name": "CVE-2026-3062",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3062"
},
{
"name": "CVE-2018-14718",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
},
{
"name": "CVE-2020-10650",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10650"
},
{
"name": "CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"name": "CVE-2026-1861",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1861"
},
{
"name": "CVE-2025-66516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66516"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2023-2251",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2251"
},
{
"name": "CVE-2026-25833",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25833"
},
{
"name": "CVE-2024-13176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
},
{
"name": "CVE-2025-49844",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49844"
},
{
"name": "CVE-2020-36186",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
},
{
"name": "CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"name": "CVE-2020-36189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
},
{
"name": "CVE-2024-58251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58251"
},
{
"name": "CVE-2019-20444",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20444"
},
{
"name": "CVE-2025-9820",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9820"
},
{
"name": "CVE-2020-35490",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
},
{
"name": "CVE-2026-33870",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33870"
},
{
"name": "CVE-2026-22690",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22690"
},
{
"name": "CVE-2025-55130",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55130"
},
{
"name": "CVE-2023-34454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
},
{
"name": "CVE-2022-46337",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46337"
},
{
"name": "CVE-2021-20190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
},
{
"name": "CVE-2021-35516",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35516"
},
{
"name": "CVE-2026-3544",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3544"
},
{
"name": "CVE-2024-12084",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12084"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2020-13949",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13949"
},
{
"name": "CVE-2018-19360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19360"
},
{
"name": "CVE-2026-2648",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2648"
},
{
"name": "CVE-2023-47627",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47627"
},
{
"name": "CVE-2026-40200",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40200"
},
{
"name": "CVE-2024-13009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
},
{
"name": "CVE-2026-27025",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27025"
},
{
"name": "CVE-2025-55131",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55131"
},
{
"name": "CVE-2026-32778",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32778"
},
{
"name": "CVE-2026-5121",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5121"
},
{
"name": "CVE-2024-12798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2025-27210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27210"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2023-34453",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
},
{
"name": "CVE-2022-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
},
{
"name": "CVE-2024-41996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41996"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-59465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59465"
},
{
"name": "CVE-2023-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
},
{
"name": "CVE-2026-21715",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21715"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2026-34073",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34073"
},
{
"name": "CVE-2026-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27144"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2026-22795",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22795"
},
{
"name": "CVE-2026-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
},
{
"name": "CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"name": "CVE-2019-10202",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10202"
},
{
"name": "CVE-2026-25834",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25834"
},
{
"name": "CVE-2026-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
},
{
"name": "CVE-2026-3537",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3537"
},
{
"name": "CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2025-69225",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69225"
},
{
"name": "CVE-2025-62718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
},
{
"name": "CVE-2026-27024",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27024"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2021-35517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35517"
},
{
"name": "CVE-2026-4424",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4424"
},
{
"name": "CVE-2025-67030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67030"
},
{
"name": "CVE-2026-34877",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34877"
},
{
"name": "CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"name": "CVE-2026-27142",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27142"
},
{
"name": "CVE-2026-28389",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28389"
},
{
"name": "CVE-2021-23358",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23358"
},
{
"name": "CVE-2025-31133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31133"
},
{
"name": "CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"name": "CVE-2024-11053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
},
{
"name": "CVE-2024-7264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
},
{
"name": "CVE-2026-34875",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34875"
},
{
"name": "CVE-2026-21717",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21717"
},
{
"name": "CVE-2025-64505",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64505"
},
{
"name": "CVE-2025-69227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69227"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2025-1795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
},
{
"name": "CVE-2021-28165",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28165"
},
{
"name": "CVE-2025-69421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69421"
},
{
"name": "CVE-2021-37137",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
},
{
"name": "CVE-2019-14439",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2025-58188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
},
{
"name": "CVE-2026-34478",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34478"
},
{
"name": "CVE-2026-33055",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33055"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2025-4565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
},
{
"name": "CVE-2025-11143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11143"
},
{
"name": "CVE-2026-34480",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34480"
},
{
"name": "CVE-2017-7658",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7658"
},
{
"name": "CVE-2026-27699",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27699"
},
{
"name": "CVE-2022-40150",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
},
{
"name": "CVE-2025-47911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47911"
},
{
"name": "CVE-2025-28162",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-28162"
},
{
"name": "CVE-2023-22946",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22946"
},
{
"name": "CVE-2026-33228",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33228"
},
{
"name": "CVE-2020-36187",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
},
{
"name": "CVE-2026-40175",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40175"
},
{
"name": "CVE-2025-13151",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13151"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2021-36090",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36090"
},
{
"name": "CVE-2026-21716",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21716"
},
{
"name": "CVE-2025-64506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64506"
},
{
"name": "CVE-2024-53899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53899"
},
{
"name": "CVE-2025-68161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
},
{
"name": "CVE-2026-28351",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28351"
},
{
"name": "CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"name": "CVE-2023-34455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2025-14174",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14174"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2026-22796",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22796"
},
{
"name": "CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"name": "CVE-2024-30251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30251"
},
{
"name": "CVE-2020-11620",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
},
{
"name": "CVE-2026-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2650"
},
{
"name": "CVE-2026-3541",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3541"
},
{
"name": "CVE-2024-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
},
{
"name": "CVE-2021-37136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37136"
},
{
"name": "CVE-2018-12022",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12022"
},
{
"name": "CVE-2026-3539",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3539"
},
{
"name": "CVE-2026-34874",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34874"
},
{
"name": "CVE-2026-21712",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21712"
},
{
"name": "CVE-2018-5968",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5968"
},
{
"name": "CVE-2025-61732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61732"
},
{
"name": "CVE-2024-27306",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27306"
},
{
"name": "CVE-2025-61723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
},
{
"name": "CVE-2025-9232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
},
{
"name": "CVE-2024-8775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8775"
},
{
"name": "CVE-2026-3538",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3538"
},
{
"name": "CVE-2025-55159",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55159"
},
{
"name": "CVE-2025-55132",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55132"
},
{
"name": "CVE-2026-22702",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22702"
},
{
"name": "CVE-2025-46394",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46394"
},
{
"name": "CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"name": "CVE-2020-24750",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
},
{
"name": "CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"name": "CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2025-13836",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13836"
},
{
"name": "CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"name": "CVE-2025-68390",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68390"
},
{
"name": "CVE-2024-11079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11079"
},
{
"name": "CVE-2026-22732",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22732"
},
{
"name": "CVE-2025-61725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
},
{
"name": "CVE-2026-25210",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25210"
},
{
"name": "CVE-2026-28387",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28387"
},
{
"name": "CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"name": "CVE-2026-28388",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28388"
},
{
"name": "CVE-2026-40192",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40192"
},
{
"name": "CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2026-32289",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32289"
},
{
"name": "CVE-2026-0865",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0865"
},
{
"name": "CVE-2026-21714",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21714"
},
{
"name": "CVE-2024-12087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12087"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2026-4111",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4111"
},
{
"name": "CVE-2026-24515",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24515"
},
{
"name": "CVE-2024-26130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26130"
},
{
"name": "CVE-2019-20330",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
},
{
"name": "CVE-2024-41110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41110"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2026-2441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2441"
},
{
"name": "CVE-2020-14195",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
},
{
"name": "CVE-2025-69228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69228"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2020-35491",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2025-1948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1948"
},
{
"name": "CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"name": "CVE-2025-27553",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27553"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2026-27888",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27888"
},
{
"name": "CVE-2024-7592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
},
{
"name": "CVE-2026-33056",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33056"
},
{
"name": "CVE-2026-25835",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25835"
},
{
"name": "CVE-2025-68160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68160"
},
{
"name": "CVE-2022-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
},
{
"name": "CVE-2020-14061",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
},
{
"name": "CVE-2025-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
},
{
"name": "CVE-2017-7657",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7657"
},
{
"name": "CVE-2025-67735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
},
{
"name": "CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"name": "CVE-2026-0965",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0965"
},
{
"name": "CVE-2020-36242",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36242"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2022-40023",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40023"
},
{
"name": "CVE-2020-11619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
},
{
"name": "CVE-2025-9086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
},
{
"name": "CVE-2026-34872",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34872"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2024-29371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29371"
},
{
"name": "CVE-2020-36183",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
},
{
"name": "CVE-2026-3542",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3542"
},
{
"name": "CVE-2023-49081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49081"
},
{
"name": "CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"name": "CVE-2026-34871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34871"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2025-69226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69226"
},
{
"name": "CVE-2026-3536",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3536"
},
{
"name": "CVE-2026-28390",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28390"
},
{
"name": "CVE-2019-0205",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0205"
},
{
"name": "CVE-2024-32650",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32650"
},
{
"name": "CVE-2026-34873",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34873"
},
{
"name": "CVE-2026-6042",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6042"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2019-10172",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10172"
},
{
"name": "CVE-2025-47913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
},
{
"name": "CVE-2024-55549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55549"
},
{
"name": "CVE-2024-0397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
},
{
"name": "CVE-2020-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
},
{
"name": "CVE-2026-0967",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0967"
},
{
"name": "CVE-2025-69418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69418"
},
{
"name": "CVE-2025-4516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2025-59466",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59466"
},
{
"name": "CVE-2025-15468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15468"
},
{
"name": "CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"name": "CVE-2026-21713",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21713"
},
{
"name": "CVE-2020-36180",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
},
{
"name": "CVE-2018-12023",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12023"
},
{
"name": "CVE-2026-0968",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0968"
},
{
"name": "CVE-2026-27140",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27140"
},
{
"name": "CVE-2018-14720",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14720"
},
{
"name": "CVE-2024-52304",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52304"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2026-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
},
{
"name": "CVE-2023-5408",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5408"
},
{
"name": "CVE-2025-69277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69277"
},
{
"name": "CVE-2026-25541",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25541"
},
{
"name": "CVE-2026-31789",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31789"
},
{
"name": "CVE-2026-22735",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22735"
},
{
"name": "CVE-2026-42311",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42311"
},
{
"name": "CVE-2026-20239",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20239"
},
{
"name": "CVE-2025-24855",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24855"
},
{
"name": "CVE-2026-3063",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3063"
},
{
"name": "CVE-2019-0210",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0210"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2024-27308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27308"
},
{
"name": "CVE-2026-42310",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42310"
},
{
"name": "CVE-2026-22695",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22695"
},
{
"name": "CVE-2026-27139",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27139"
},
{
"name": "CVE-2026-20240",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20240"
},
{
"name": "CVE-2023-49083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
},
{
"name": "CVE-2017-15095",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15095"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2024-36114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
},
{
"name": "CVE-2019-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
},
{
"name": "CVE-2018-14721",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14721"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2026-33810",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33810"
},
{
"name": "CVE-2025-66566",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66566"
},
{
"name": "CVE-2025-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11187"
},
{
"name": "CVE-2017-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7656"
},
{
"name": "CVE-2026-27026",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27026"
},
{
"name": "CVE-2026-2673",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2673"
},
{
"name": "CVE-2018-20225",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20225"
},
{
"name": "CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"name": "CVE-2018-11307",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"name": "CVE-2024-12088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12088"
},
{
"name": "CVE-2025-14819",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14819"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2020-25649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
},
{
"name": "CVE-2026-27141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27141"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"name": "CVE-2017-17485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
},
{
"name": "CVE-2026-1584",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1584"
},
{
"name": "CVE-2026-20238",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20238"
},
{
"name": "CVE-2024-23829",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23829"
},
{
"name": "CVE-2025-59464",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59464"
},
{
"name": "CVE-2025-30153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30153"
},
{
"name": "CVE-2026-32141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32141"
},
{
"name": "CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"name": "CVE-2025-69229",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69229"
},
{
"name": "CVE-2021-35515",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35515"
},
{
"name": "CVE-2026-3545",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3545"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2026-28804",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28804"
},
{
"name": "CVE-2026-34477",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34477"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2026-2649",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2649"
},
{
"name": "CVE-2024-39689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39689"
},
{
"name": "CVE-2025-37731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37731"
},
{
"name": "CVE-2026-24688",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24688"
},
{
"name": "CVE-2026-32776",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32776"
},
{
"name": "CVE-2025-12183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12183"
},
{
"name": "CVE-2019-16869",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16869"
},
{
"name": "CVE-2025-68119",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68119"
},
{
"name": "CVE-2025-7338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7338"
},
{
"name": "CVE-2022-23491",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23491"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2026-22691",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22691"
},
{
"name": "CVE-2026-27628",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27628"
},
{
"name": "CVE-2025-69420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69420"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"name": "CVE-2026-1225",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1225"
},
{
"name": "CVE-2020-14060",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
},
{
"name": "CVE-2026-31790",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31790"
},
{
"name": "CVE-2020-36188",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
},
{
"name": "CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2025-14831",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14831"
},
{
"name": "CVE-2024-23334",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23334"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"name": "CVE-2026-21710",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21710"
},
{
"name": "CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"name": "CVE-2019-20445",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20445"
},
{
"name": "CVE-2025-11226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
},
{
"name": "CVE-2020-14062",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
}
],
"initial_release_date": "2026-05-21T00:00:00",
"last_revision_date": "2026-05-21T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0627",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-05-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Splunk. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
"vendor_advisories": [
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0512",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0512"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0513",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0513"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0509",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0509"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0510",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0510"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0505",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0505"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0515",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0515"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0507",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0507"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0506",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0506"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0508",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0508"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0504",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0504"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0514",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0514"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0516",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0516"
},
{
"published_at": "2026-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0501",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0501"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0503",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0503"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0511",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0511"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0502",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0502"
}
]
}
FKIE_CVE-2026-39892
Vulnerability from fkie_nvd - Published: 2026-04-08 21:17 - Updated: 2026-04-15 16:12
Severity ?
Summary
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulnerability is fixed in 46.0.7.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2026/04/08/12 | Mailing List, Release Notes, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cryptography.io | cryptography | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cryptography.io:cryptography:*:*:*:*:*:python:*:*",
"matchCriteriaId": "95681E8C-FDEC-4D88-BACE-6F47FB12D339",
"versionEndExcluding": "46.0.7",
"versionStartIncluding": "45.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulnerability is fixed in 46.0.7."
}
],
"id": "CVE-2026-39892",
"lastModified": "2026-04-15T16:12:39.677",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-04-08T21:17:01.547",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Release Notes",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2026/04/08/12"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
GHSA-P423-J2CM-9VMQ
Vulnerability from github – Published: 2026-04-08 19:23 – Updated: 2026-04-09 14:29
VLAI?
Summary
Cryptography vulnerable to buffer overflow if non-contiguous buffers were passed to APIs
Details
If a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. For example:
h = Hash(SHA256())
b.update(buf[::-1])
would read past the end of the buffer on Python >3.11
Severity ?
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "cryptography"
},
"ranges": [
{
"events": [
{
"introduced": "45.0.0"
},
{
"fixed": "46.0.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-39892"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-08T19:23:08Z",
"nvd_published_at": "2026-04-08T21:17:01Z",
"severity": "MODERATE"
},
"details": "If a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. `Hash.update()`), this could lead to buffer overflows. For example:\n\n```python\nh = Hash(SHA256())\nb.update(buf[::-1])\n```\n\nwould read past the end of the buffer on Python \u003e3.11",
"id": "GHSA-p423-j2cm-9vmq",
"modified": "2026-04-09T14:29:58Z",
"published": "2026-04-08T19:23:08Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39892"
},
{
"type": "PACKAGE",
"url": "https://github.com/pyca/cryptography"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/04/08/12"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Cryptography vulnerable to buffer overflow if non-contiguous buffers were passed to APIs"
}
PYSEC-2026-36
Vulnerability from pysec - Published: 2026-04-08 21:17 - Updated: 2026-05-20 09:18
VLAI?
Details
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulnerability is fixed in 46.0.7.
Severity ?
9.8 (Critical)
Impacted products
| Name | purl | cryptography | pkg:pypi/cryptography |
|---|
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "cryptography",
"purl": "pkg:pypi/cryptography"
},
"ranges": [
{
"events": [
{
"introduced": "45.0.0"
},
{
"fixed": "46.0.7"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"45.0.0",
"45.0.1",
"45.0.2",
"45.0.3",
"45.0.4",
"45.0.5",
"45.0.6",
"45.0.7",
"46.0.0",
"46.0.1",
"46.0.2",
"46.0.3",
"46.0.4",
"46.0.5",
"46.0.6"
]
}
],
"aliases": [
"CVE-2026-39892",
"GHSA-p423-j2cm-9vmq"
],
"details": "cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulnerability is fixed in 46.0.7.",
"id": "PYSEC-2026-36",
"modified": "2026-05-20T09:18:55.965312Z",
"published": "2026-04-08T21:17:01.547Z",
"references": [
{
"type": "ADVISORY",
"url": "http://www.openwall.com/lists/oss-security/2026/04/08/12"
},
{
"type": "ADVISORY",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
RHSA-2026:19375
Vulnerability from csaf_redhat - Published: 2026-05-19 21:01 - Updated: 2026-05-22 13:53Summary
Red Hat Security Advisory: Red Hat Quay 3.16.4
Severity
Important
Notes
Topic: Red Hat Quay 3.16.4 is now available with bug fixes.
Details: Quay 3.16.4
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not correctly handle hostname normalization when evaluating NO_PROXY rules. An attacker can exploit this by crafting requests to loopback addresses (e.g., localhost. or [::1]) which bypass the NO_PROXY configuration and are routed through the configured proxy. This can lead to Server-Side Request Forgery (SSRF) vulnerabilities, enabling attackers to access sensitive internal or loopback services that should otherwise be protected.
7.0 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by providing a specially crafted web address (URL). This allows the application's backend to make arbitrary requests to internal network resources, a vulnerability known as Server-Side Request Forgery (SSRF). This could lead to unauthorized access to sensitive information or other internal systems.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Threats
Impact
Important
No description is available for this CVE.
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
A flaw was found in jsrsasign. A remote attacker could exploit this vulnerability by providing specially crafted zero or negative inputs to the bnModInverse function within the BigInteger.modInverse implementation. This could lead to an infinite loop, causing a permanent denial of service (DoS) by hanging the process.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in jsrsasign. An attacker can exploit an incomplete comparison vulnerability in the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions. By manipulating incorrect comparison checks, an attacker can bias the Digital Signature Algorithm (DSA) nonces during signature generation. This allows the attacker to recover the private key, leading to a critical security compromise.
9.1 (Critical)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in jsrsasign. An attacker can exploit improper verification of cryptographic signatures by supplying malicious domain parameters during the Digital Signature Algorithm (DSA) validation process. This allows the attacker to forge DSA signatures or X.509 certificates, which would then be accepted as legitimate, potentially leading to unauthorized access or data manipulation.
8.2 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in jsrsasign. An attacker can exploit a missing cryptographic step in the Digital Signature Algorithm (DSA) signing process, specifically within the KJUR.crypto.DSA.signWithMessageHash function. By manipulating the signature generation to force specific values, the library emits an invalid signature without retrying. This vulnerability allows an attacker to recover the private key used for signing.
8.7 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in jsrsasign. A remote attacker can exploit an incorrect conversion between numeric types by providing a negative exponent to the `modPow` function. This vulnerability can force the computation of incorrect modular inverses, which ultimately allows an attacker to bypass signature verification.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Important
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Important
A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a fixed-size buffer provided by the underlying OpenSSL library.
8.1 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Authlib, a Python library used for creating secure authentication and authorization systems. This vulnerability, known as JWK (JSON Web Key) Header Injection, affects how Authlib verifies digital signatures in JWS (JSON Web Signature) tokens. An attacker can exploit this by creating a specially crafted token that includes their own cryptographic key in the header. When the system attempts to verify this token without a predefined key, it mistakenly uses the attacker's key, allowing them to bypass authentication and gain unauthorized access.
9.1 (Critical)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Threats
Impact
Low
A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. A remote attacker can exploit this vulnerability by crafting a malicious JSON Web Token (JWT) with a "none" algorithm and an empty signature. This bypasses the expected signature verification, potentially allowing the attacker to forge tokens and gain unauthorized access or perform unauthorized actions within applications using Authlib.
9.1 (Critical)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Immutable.js, a library for persistent immutable data structures. This vulnerability, known as Prototype Pollution, allows an attacker with low privileges to inject unwanted properties into core JavaScript object prototypes without user interaction. By manipulating specific APIs such as mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject(), a remote attacker could potentially execute arbitrary code or cause a denial of service (DoS).
8.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Threats
Impact
Important
A flaw was found in SVGO, an SVG (Scalable Vector Graphics) Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by submitting a specially crafted XML file. The application's failure to properly guard against XML entity expansion or recursion can lead to the Node.js process consuming excessive memory and crashing.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Important
An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE (0x30) or SET (0x31) tags with Indefinite Length (0x80) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a RecursionError or consumes all available memory (OOM), crashing the host application.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Threats
Impact
Important
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a "slice bounds out of range panic", resulting in a Denial of Service (DoS) for the affected application.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user's in-progress image upload.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Threats
Impact
Important
A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server.
7.1 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administrator configures an upstream registry for proxy caching, Quay makes a network connection to the specified registry hostname without verifying that it points to a legitimate external service. An attacker with organization administrator privileges could supply a crafted hostname to force the Quay server to make requests to internal network services, cloud infrastructure endpoints, or other resources that should not be accessible from the Quay application.
5.2 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Threats
Impact
Important
A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
9.1 (Critical)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Forge (also called `node-forge`), a JavaScript implementation of Transport Layer Security. A remote attacker could exploit weaknesses in the RSASSA PKCS#1 v1.5 signature verification process. By crafting malicious signatures that include extra data within the ASN structure and do not meet padding requirements, an attacker can bypass signature validation. This allows for the creation of forged signatures that appear legitimate, potentially compromising the integrity and authenticity of communications.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the cryptography library. This vulnerability occurs when a non-contiguous buffer is passed to certain application programming interfaces (APIs) that accept Python buffers, such as Hash.update(). A remote attacker could exploit this to cause a buffer overflow, potentially leading to a denial of service.
7.3 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service (DoS) by providing a specially crafted FITS image file. The library's failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory consumption, causing the system to crash or experience severe performance issues.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Threats
Impact
Important
A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Threats
Impact
Important
A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application's core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Threats
Impact
Important
A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.
8.2 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Threats
Impact
Important
A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.
7.2 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Threats
Impact
Important
A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution "Gadget" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Important
References
266 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:19375 | self |
| https://access.redhat.com/security/cve/CVE-2025-61726 | external |
| https://access.redhat.com/security/cve/CVE-2025-62718 | external |
| https://access.redhat.com/security/cve/CVE-2026-2377 | external |
| https://access.redhat.com/security/cve/CVE-2026-25679 | external |
| https://access.redhat.com/security/cve/CVE-2026-27137 | external |
| https://access.redhat.com/security/cve/CVE-2026-27459 | external |
| https://access.redhat.com/security/cve/CVE-2026-27962 | external |
| https://access.redhat.com/security/cve/CVE-2026-28802 | external |
| https://access.redhat.com/security/cve/CVE-2026-29063 | external |
| https://access.redhat.com/security/cve/CVE-2026-29074 | external |
| https://access.redhat.com/security/cve/CVE-2026-30922 | external |
| https://access.redhat.com/security/cve/CVE-2026-32280 | external |
| https://access.redhat.com/security/cve/CVE-2026-32282 | external |
| https://access.redhat.com/security/cve/CVE-2026-32286 | external |
| https://access.redhat.com/security/cve/CVE-2026-32589 | external |
| https://access.redhat.com/security/cve/CVE-2026-32590 | external |
| https://access.redhat.com/security/cve/CVE-2026-32591 | external |
| https://access.redhat.com/security/cve/CVE-2026-32597 | external |
| https://access.redhat.com/security/cve/CVE-2026-33186 | external |
| https://access.redhat.com/security/cve/CVE-2026-33894 | external |
| https://access.redhat.com/security/cve/CVE-2026-34986 | external |
| https://access.redhat.com/security/cve/CVE-2026-39892 | external |
| https://access.redhat.com/security/cve/CVE-2026-40192 | external |
| https://access.redhat.com/security/cve/CVE-2026-40895 | external |
| https://access.redhat.com/security/cve/CVE-2026-42033 | external |
| https://access.redhat.com/security/cve/CVE-2026-42035 | external |
| https://access.redhat.com/security/cve/CVE-2026-42039 | external |
| https://access.redhat.com/security/cve/CVE-2026-42041 | external |
| https://access.redhat.com/security/cve/CVE-2026-42043 | external |
| https://access.redhat.com/security/cve/CVE-2026-42044 | external |
| https://access.redhat.com/security/cve/CVE-2026-4427 | external |
| https://access.redhat.com/security/cve/CVE-2026-4598 | external |
| https://access.redhat.com/security/cve/CVE-2026-4599 | external |
| https://access.redhat.com/security/cve/CVE-2026-4600 | external |
| https://access.redhat.com/security/cve/CVE-2026-4601 | external |
| https://access.redhat.com/security/cve/CVE-2026-4602 | external |
| https://access.redhat.com/security/updates/classi… | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2025-61726 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2434432 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-61726 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-61726 | external |
| https://go.dev/cl/736712 | external |
| https://go.dev/issue/77101 | external |
| https://groups.google.com/g/golang-announce/c/Vd2… | external |
| https://pkg.go.dev/vuln/GO-2026-4341 | external |
| https://access.redhat.com/security/cve/CVE-2025-62718 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2456913 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-62718 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-62718 | external |
| https://datatracker.ietf.org/doc/html/rfc1034#sec… | external |
| https://datatracker.ietf.org/doc/html/rfc3986#sec… | external |
| https://github.com/axios/axios/commit/fb3befb6daa… | external |
| https://github.com/axios/axios/pull/10661 | external |
| https://github.com/axios/axios/releases/tag/v1.15.0 | external |
| https://github.com/axios/axios/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2026-2377 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2439201 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-2377 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-2377 | external |
| https://access.redhat.com/security/cve/CVE-2026-4427 | self |
| https://www.cve.org/CVERecord?id=CVE-2026-4427 | external |
| https://access.redhat.com/security/cve/CVE-2026-4598 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2450210 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-4598 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-4598 | external |
| https://gist.github.com/Kr0emer/a1bf5cd4547cc630d… | external |
| https://github.com/kjur/jsrsasign/commit/ca5b0272… | external |
| https://github.com/kjur/jsrsasign/pull/648 | external |
| https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-1… | external |
| https://access.redhat.com/security/cve/CVE-2026-4599 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2450207 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-4599 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-4599 | external |
| https://gist.github.com/Kr0emer/081681818b51605c9… | external |
| https://github.com/kjur/jsrsasign/commit/ee4b0134… | external |
| https://github.com/kjur/jsrsasign/pull/647 | external |
| https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-1… | external |
| https://access.redhat.com/security/cve/CVE-2026-4600 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2450208 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-4600 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-4600 | external |
| https://gist.github.com/Kr0emer/bf15ddc097176e951… | external |
| https://github.com/kjur/jsrsasign/commit/37b4c06b… | external |
| https://github.com/kjur/jsrsasign/pull/646 | external |
| https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-1… | external |
| https://access.redhat.com/security/cve/CVE-2026-4601 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2450209 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-4601 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-4601 | external |
| https://gist.github.com/Kr0emer/93789fe6efe5519db… | external |
| https://github.com/kjur/jsrsasign/commit/0710e392… | external |
| https://github.com/kjur/jsrsasign/pull/645 | external |
| https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-1… | external |
| https://access.redhat.com/security/cve/CVE-2026-4602 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2450206 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-4602 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-4602 | external |
| https://gist.github.com/Kr0emer/7ecd2be7d17419e46… | external |
| https://github.com/kjur/jsrsasign/commit/5ea1c32b… | external |
| https://github.com/kjur/jsrsasign/pull/650 | external |
| https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-1… | external |
| https://access.redhat.com/security/cve/CVE-2026-25679 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2445356 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-25679 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-25679 | external |
| https://go.dev/cl/752180 | external |
| https://go.dev/issue/77578 | external |
| https://groups.google.com/g/golang-announce/c/Edh… | external |
| https://pkg.go.dev/vuln/GO-2026-4601 | external |
| https://access.redhat.com/security/cve/CVE-2026-27137 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2445345 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-27137 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-27137 | external |
| https://go.dev/cl/752182 | external |
| https://go.dev/issue/77952 | external |
| https://pkg.go.dev/vuln/GO-2026-4599 | external |
| https://access.redhat.com/security/cve/CVE-2026-27459 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2448503 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-27459 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-27459 | external |
| https://github.com/pyca/pyopenssl/blob/358cbf29c4… | external |
| https://github.com/pyca/pyopenssl/commit/57f09bb4… | external |
| https://github.com/pyca/pyopenssl/security/adviso… | external |
| https://access.redhat.com/security/cve/CVE-2026-27962 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2448164 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-27962 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-27962 | external |
| https://github.com/authlib/authlib/commit/a5d4b2d… | external |
| https://github.com/authlib/authlib/releases/tag/v1.6.9 | external |
| https://github.com/authlib/authlib/security/advis… | external |
| https://access.redhat.com/security/cve/CVE-2026-28802 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2445120 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-28802 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-28802 | external |
| https://github.com/authlib/authlib/commit/a61c2ac… | external |
| https://github.com/authlib/authlib/commit/b87c32e… | external |
| https://github.com/authlib/authlib/security/advis… | external |
| https://access.redhat.com/security/cve/CVE-2026-29063 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2445291 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-29063 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-29063 | external |
| https://github.com/immutable-js/immutable-js/rele… | external |
| https://github.com/immutable-js/immutable-js/rele… | external |
| https://github.com/immutable-js/immutable-js/rele… | external |
| https://github.com/immutable-js/immutable-js/secu… | external |
| https://access.redhat.com/security/cve/CVE-2026-29074 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2445132 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-29074 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-29074 | external |
| https://github.com/svg/svgo/security/advisories/G… | external |
| https://access.redhat.com/security/cve/CVE-2026-30922 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2448553 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-30922 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-30922 | external |
| https://github.com/pyasn1/pyasn1/commit/25ad481c1… | external |
| https://github.com/pyasn1/pyasn1/security/advisor… | external |
| https://access.redhat.com/security/cve/CVE-2026-32280 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2456339 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-32280 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-32280 | external |
| https://go.dev/cl/758320 | external |
| https://go.dev/issue/78282 | external |
| https://groups.google.com/g/golang-announce/c/0uY… | external |
| https://pkg.go.dev/vuln/GO-2026-4947 | external |
| https://access.redhat.com/security/cve/CVE-2026-32282 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2456336 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-32282 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-32282 | external |
| https://go.dev/cl/763761 | external |
| https://go.dev/issue/78293 | external |
| https://pkg.go.dev/vuln/GO-2026-4864 | external |
| https://access.redhat.com/security/cve/CVE-2026-32286 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2451847 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-32286 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-32286 | external |
| https://github.com/golang/vulndb/issues/4518 | external |
| https://github.com/jackc/pgx/issues/2507 | external |
| https://pkg.go.dev/vuln/GO-2026-4518 | external |
| https://access.redhat.com/security/cve/CVE-2026-32589 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2446963 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-32589 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-32589 | external |
| https://access.redhat.com/security/cve/CVE-2026-32590 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2446964 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-32590 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-32590 | external |
| https://access.redhat.com/security/cve/CVE-2026-32591 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2446965 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-32591 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-32591 | external |
| https://access.redhat.com/security/cve/CVE-2026-32597 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2447194 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-32597 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-32597 | external |
| https://github.com/jpadilla/pyjwt/security/adviso… | external |
| https://access.redhat.com/security/cve/CVE-2026-33186 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2449833 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-33186 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-33186 | external |
| https://github.com/grpc/grpc-go/security/advisori… | external |
| https://access.redhat.com/security/cve/CVE-2026-33894 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2452464 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-33894 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-33894 | external |
| https://datatracker.ietf.org/doc/html/rfc2313#section-8 | external |
| https://github.com/digitalbazaar/forge/security/a… | external |
| https://mailarchive.ietf.org/arch/msg/openpgp/5rn… | external |
| https://www.rfc-editor.org/rfc/rfc8017.html | external |
| https://access.redhat.com/security/cve/CVE-2026-34986 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2455470 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-34986 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-34986 | external |
| https://github.com/go-jose/go-jose/security/advis… | external |
| https://pkg.go.dev/github.com/go-jose/go-jose/v4#… | external |
| https://access.redhat.com/security/cve/CVE-2026-39892 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2456735 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-39892 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-39892 | external |
| http://www.openwall.com/lists/oss-security/2026/0… | external |
| https://github.com/pyca/cryptography/commit/622d6… | external |
| https://github.com/pyca/cryptography/security/adv… | external |
| https://access.redhat.com/security/cve/CVE-2026-40192 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2458856 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-40192 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-40192 | external |
| https://github.com/python-pillow/Pillow/commit/3c… | external |
| https://github.com/python-pillow/Pillow/pull/9521 | external |
| https://github.com/python-pillow/Pillow/security/… | external |
| https://pillow.readthedocs.io/en/stable/releaseno… | external |
| https://access.redhat.com/security/cve/CVE-2026-40895 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2460297 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-40895 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-40895 | external |
| https://github.com/follow-redirects/follow-redire… | external |
| https://access.redhat.com/security/cve/CVE-2026-42033 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2461607 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-42033 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-42033 | external |
| https://github.com/axios/axios/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2026-42035 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2461606 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-42035 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-42035 | external |
| https://github.com/axios/axios/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2026-42039 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2461630 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-42039 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-42039 | external |
| https://github.com/axios/axios/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2026-42041 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2461629 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-42041 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-42041 | external |
| https://github.com/axios/axios/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2026-42043 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2461626 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-42043 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-42043 | external |
| https://github.com/axios/axios/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2026-42044 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2461624 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-42044 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-42044 | external |
| https://github.com/axios/axios/security/advisorie… | external |
Acknowledgments
Antony Di Scala
Michael Whale
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.16.4 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.16.4",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:19375",
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62718",
"url": "https://access.redhat.com/security/cve/CVE-2025-62718"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-2377",
"url": "https://access.redhat.com/security/cve/CVE-2026-2377"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27137",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27459",
"url": "https://access.redhat.com/security/cve/CVE-2026-27459"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27962",
"url": "https://access.redhat.com/security/cve/CVE-2026-27962"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-28802",
"url": "https://access.redhat.com/security/cve/CVE-2026-28802"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29063",
"url": "https://access.redhat.com/security/cve/CVE-2026-29063"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29074",
"url": "https://access.redhat.com/security/cve/CVE-2026-29074"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-30922",
"url": "https://access.redhat.com/security/cve/CVE-2026-30922"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32282",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32286",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32589",
"url": "https://access.redhat.com/security/cve/CVE-2026-32589"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32590",
"url": "https://access.redhat.com/security/cve/CVE-2026-32590"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32591",
"url": "https://access.redhat.com/security/cve/CVE-2026-32591"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32597",
"url": "https://access.redhat.com/security/cve/CVE-2026-32597"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33894",
"url": "https://access.redhat.com/security/cve/CVE-2026-33894"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34986",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39892",
"url": "https://access.redhat.com/security/cve/CVE-2026-39892"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40192",
"url": "https://access.redhat.com/security/cve/CVE-2026-40192"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40895",
"url": "https://access.redhat.com/security/cve/CVE-2026-40895"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42033",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42035",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42039",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42041",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42043",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42044",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4427",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4598",
"url": "https://access.redhat.com/security/cve/CVE-2026-4598"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4599",
"url": "https://access.redhat.com/security/cve/CVE-2026-4599"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4600",
"url": "https://access.redhat.com/security/cve/CVE-2026-4600"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4601",
"url": "https://access.redhat.com/security/cve/CVE-2026-4601"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4602",
"url": "https://access.redhat.com/security/cve/CVE-2026-4602"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_19375.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.16.4",
"tracking": {
"current_release_date": "2026-05-22T13:53:02+00:00",
"generator": {
"date": "2026-05-22T13:53:02+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:19375",
"initial_release_date": "2026-05-19T21:01:11+00:00",
"revision_history": [
{
"date": "2026-05-19T21:01:11+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-19T21:01:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-22T13:53:02+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.16",
"product": {
"name": "Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.16::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3Aae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1778705065"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel9@sha256%3A2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1778704515"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3A203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1778705175"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel9@sha256%3Af610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1778704509"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1778705015"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel9@sha256%3A25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1778704550"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel9@sha256%3Af423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1778704556"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3A631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1779209336"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel9@sha256%3A74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1779135957"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel9@sha256%3A139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1779204086"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel9@sha256%3A622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1778704515"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel9@sha256%3A116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1778704509"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel9@sha256%3A34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1778704550"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel9@sha256%3A478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1778704556"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel9@sha256%3Ae77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1779135957"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel9@sha256%3Af6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1779204086"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel9@sha256%3A9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1778704515"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel9@sha256%3A68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1778704509"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel9@sha256%3A8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1778704550"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel9@sha256%3A4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1778704556"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel9@sha256%3A2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1779135957"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel9@sha256%3Aad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1779204086"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"product_id": "registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel9@sha256%3A52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1779204086"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-62718",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-04-09T15:01:48.111177+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456913"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not correctly handle hostname normalization when evaluating NO_PROXY rules. An attacker can exploit this by crafting requests to loopback addresses (e.g., localhost. or [::1]) which bypass the NO_PROXY configuration and are routed through the configured proxy. This can lead to Server-Side Request Forgery (SSRF) vulnerabilities, enabling attackers to access sensitive internal or loopback services that should otherwise be protected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has limited impact due to combination of non-default conditions to exploit: the attacker must be able to control or influence URLs passed to axios in a server-side context, the application must have both `HTTP_PROXY` and `NO_PROXY` configured, and the proxy itself must be positioned to act on the misdirected traffic or have been compromised by the attacker to intercept the rerouted traffic.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62718"
},
{
"category": "external",
"summary": "RHBZ#2456913",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456913"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62718"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc1034#section-3.1",
"url": "https://datatracker.ietf.org/doc/html/rfc1034#section-3.1"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2",
"url": "https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df",
"url": "https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/pull/10661",
"url": "https://github.com/axios/axios/pull/10661"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.15.0",
"url": "https://github.com/axios/axios/releases/tag/v1.15.0"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5"
}
],
"release_date": "2026-04-09T14:31:46.067000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization"
},
{
"acknowledgments": [
{
"names": [
"Antony Di Scala",
"Michael Whale"
]
}
],
"cve": "CVE-2026-2377",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-02-11T21:02:44.495000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439201"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by providing a specially crafted web address (URL). This allows the application\u0027s backend to make arbitrary requests to internal network resources, a vulnerability known as Server-Side Request Forgery (SSRF). This could lead to unauthorized access to sensitive information or other internal systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mirror-registry: quay: quay: Server-Side Request Forgery via log export functionality",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Due to the intended and supported use case of Openshift Mirror Registry, deployment in an offline or network-isolated environment, the impact for this product has been downgraded to `Moderate`.\n\nEven in case of compromise, the blast radius is restricted to mirror-registry. It can not be escalated outside the core product. This vulnerability has been scored based on the lack of change of scope.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2377"
},
{
"category": "external",
"summary": "RHBZ#2439201",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439201"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2377",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2377"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2377",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2377"
}
],
"release_date": "2026-04-08T16:18:10.324000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mirror-registry: quay: quay: Server-Side Request Forgery via log export functionality"
},
{
"cve": "CVE-2026-4427",
"discovery_date": "2026-03-18T14:02:19.414820+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "other",
"text": "This CVE has been marked as Rejected by the assigning CNA.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4427",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4427"
}
],
"release_date": "2026-03-18T13:00:31+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
}
],
"title": "github.com/jackc/pgproto3: pgproto3: Denial of Service via negative field length in DataRow message"
},
{
"cve": "CVE-2026-4598",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-03-23T06:01:47.891452+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450210"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jsrsasign. A remote attacker could exploit this vulnerability by providing specially crafted zero or negative inputs to the bnModInverse function within the BigInteger.modInverse implementation. This could lead to an infinite loop, causing a permanent denial of service (DoS) by hanging the process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsrsasign: jsrsasign: Denial of Service via infinite loop in bnModInverse function with crafted inputs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "IMPORTANT: A denial of service flaw was found in jsrsasign. This vulnerability allows a remote attacker to cause a permanent denial of service by providing specially crafted zero or negative inputs to the bnModInverse function, leading to an infinite loop. This affects Red Hat Migration Toolkit for Virtualization and Red Hat Quay, which utilize the vulnerable jsrsasign component.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4598"
},
{
"category": "external",
"summary": "RHBZ#2450210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450210"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4598",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4598"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4598",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4598"
},
{
"category": "external",
"summary": "https://gist.github.com/Kr0emer/a1bf5cd4547cc630d2dcc5e761de8264",
"url": "https://gist.github.com/Kr0emer/a1bf5cd4547cc630d2dcc5e761de8264"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/commit/ca5b027240287a1e71fe63019fc4400332594323",
"url": "https://github.com/kjur/jsrsasign/commit/ca5b027240287a1e71fe63019fc4400332594323"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/pull/648",
"url": "https://github.com/kjur/jsrsasign/pull/648"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370938",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370938"
}
],
"release_date": "2026-03-23T05:00:11.571000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsrsasign: jsrsasign: Denial of Service via infinite loop in bnModInverse function with crafted inputs"
},
{
"cve": "CVE-2026-4599",
"cwe": {
"id": "CWE-338",
"name": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)"
},
"discovery_date": "2026-03-23T06:01:34.008562+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450207"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jsrsasign. An attacker can exploit an incomplete comparison vulnerability in the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions. By manipulating incorrect comparison checks, an attacker can bias the Digital Signature Algorithm (DSA) nonces during signature generation. This allows the attacker to recover the private key, leading to a critical security compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsrsasign: jsrsasign: Private key recovery via incomplete comparison checks biasing DSA nonces",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4599"
},
{
"category": "external",
"summary": "RHBZ#2450207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450207"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4599",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4599"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4599",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4599"
},
{
"category": "external",
"summary": "https://gist.github.com/Kr0emer/081681818b51605c91945126d74b4f20",
"url": "https://gist.github.com/Kr0emer/081681818b51605c91945126d74b4f20"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/commit/ee4b013478366cb16cea9a4bdfb218b6077f83b1",
"url": "https://github.com/kjur/jsrsasign/commit/ee4b013478366cb16cea9a4bdfb218b6077f83b1"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/pull/647",
"url": "https://github.com/kjur/jsrsasign/pull/647"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370939",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370939"
}
],
"release_date": "2026-03-23T05:00:12.522000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsrsasign: jsrsasign: Private key recovery via incomplete comparison checks biasing DSA nonces"
},
{
"cve": "CVE-2026-4600",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-23T06:01:39.334925+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450208"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jsrsasign. An attacker can exploit improper verification of cryptographic signatures by supplying malicious domain parameters during the Digital Signature Algorithm (DSA) validation process. This allows the attacker to forge DSA signatures or X.509 certificates, which would then be accepted as legitimate, potentially leading to unauthorized access or data manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsrsasign: jsrsasign: Cryptographic signature forgery via malicious DSA domain parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "IMPORTANT. The flaw in jsrsasign allows an attacker to forge Digital Signature Algorithm (DSA) signatures or X.509 certificates by providing malicious domain parameters during validation. This could lead to unauthorized access or data manipulation in affected Red Hat products such as Migration Toolkit for Virtualization and Red Hat Quay, where jsrsasign is utilized for cryptographic signature verification.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4600"
},
{
"category": "external",
"summary": "RHBZ#2450208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450208"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4600",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4600"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4600",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4600"
},
{
"category": "external",
"summary": "https://gist.github.com/Kr0emer/bf15ddc097176e951659a24a8e9002a7",
"url": "https://gist.github.com/Kr0emer/bf15ddc097176e951659a24a8e9002a7"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/commit/37b4c06b145c7bfd6bc2a6df5d0a12c56b15ef60",
"url": "https://github.com/kjur/jsrsasign/commit/37b4c06b145c7bfd6bc2a6df5d0a12c56b15ef60"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/pull/646",
"url": "https://github.com/kjur/jsrsasign/pull/646"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370940",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370940"
}
],
"release_date": "2026-03-23T05:00:08.475000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsrsasign: jsrsasign: Cryptographic signature forgery via malicious DSA domain parameters"
},
{
"cve": "CVE-2026-4601",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2026-03-23T06:01:44.014846+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450209"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jsrsasign. An attacker can exploit a missing cryptographic step in the Digital Signature Algorithm (DSA) signing process, specifically within the KJUR.crypto.DSA.signWithMessageHash function. By manipulating the signature generation to force specific values, the library emits an invalid signature without retrying. This vulnerability allows an attacker to recover the private key used for signing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsrsasign: jsrsasign: Private Key Recovery via Missing Cryptographic Step in DSA Signing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "IMPORTANT: A flaw in the jsrsasign library allows for private key recovery due to a missing cryptographic step in the Digital Signature Algorithm (DSA) signing process. An attacker can manipulate signature generation within the KJUR.crypto.DSA.signWithMessageHash function to force specific values, enabling the recovery of the private key. This impacts Red Hat products utilizing jsrsasign, such as Migration Toolkit for Virtualization and Red Hat Quay.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4601"
},
{
"category": "external",
"summary": "RHBZ#2450209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450209"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4601",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4601"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4601",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4601"
},
{
"category": "external",
"summary": "https://gist.github.com/Kr0emer/93789fe6efe5519db9692d4ad1dad586",
"url": "https://gist.github.com/Kr0emer/93789fe6efe5519db9692d4ad1dad586"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/commit/0710e392ec35de697ce11e4219c988ba2b5fe0eb",
"url": "https://github.com/kjur/jsrsasign/commit/0710e392ec35de697ce11e4219c988ba2b5fe0eb"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/pull/645",
"url": "https://github.com/kjur/jsrsasign/pull/645"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370941",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370941"
}
],
"release_date": "2026-03-23T05:00:13.312000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsrsasign: jsrsasign: Private Key Recovery via Missing Cryptographic Step in DSA Signing"
},
{
"cve": "CVE-2026-4602",
"cwe": {
"id": "CWE-681",
"name": "Incorrect Conversion between Numeric Types"
},
"discovery_date": "2026-03-23T06:01:28.729668+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450206"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jsrsasign. A remote attacker can exploit an incorrect conversion between numeric types by providing a negative exponent to the `modPow` function. This vulnerability can force the computation of incorrect modular inverses, which ultimately allows an attacker to bypass signature verification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsrsasign: jsrsasign: Signature verification bypass via negative exponent handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an IMPORTANT flaw. The `jsrsasign` library, as used in Red Hat products such as Migration Toolkit for Virtualization and Red Hat Quay, is vulnerable to a signature verification bypass. A remote attacker could provide a specially crafted negative exponent to the `modPow` function, leading to incorrect modular inverse computations and allowing them to bypass signature verification.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4602"
},
{
"category": "external",
"summary": "RHBZ#2450206",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450206"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4602",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4602"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4602",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4602"
},
{
"category": "external",
"summary": "https://gist.github.com/Kr0emer/7ecd2be7d17419e4677315ef3758faf5",
"url": "https://gist.github.com/Kr0emer/7ecd2be7d17419e4677315ef3758faf5"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/commit/5ea1c32bb2aa894b4bd29849839afe4f98728195",
"url": "https://github.com/kjur/jsrsasign/commit/5ea1c32bb2aa894b4bd29849839afe4f98728195"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/pull/650",
"url": "https://github.com/kjur/jsrsasign/pull/650"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15371175",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15371175"
}
],
"release_date": "2026-03-23T05:00:10.567000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsrsasign: jsrsasign: Signature verification bypass via negative exponent handling"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27137",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-03-06T22:01:38.859733+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445345"
}
],
"notes": [
{
"category": "description",
"text": "A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "RHBZ#2445345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://go.dev/cl/752182",
"url": "https://go.dev/cl/752182"
},
{
"category": "external",
"summary": "https://go.dev/issue/77952",
"url": "https://go.dev/issue/77952"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4599",
"url": "https://pkg.go.dev/vuln/GO-2026-4599"
}
],
"release_date": "2026-03-06T21:28:13.748000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509"
},
{
"cve": "CVE-2026-27459",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T00:01:41.404915+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448503"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a fixed-size buffer provided by the underlying OpenSSL library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pyOpenSSL: DTLS cookie callback buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is only exploitable when an application using the pyOpenSSL library provides a custom callback to the set_cookie_generate_callback function. For the buffer overflow to occur, the callback function must return a cookie string or byte sequence longer than 256 bytes, limiting the exposure of this issue. Due to these reasons, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27459"
},
{
"category": "external",
"summary": "RHBZ#2448503",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448503"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27459",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27459"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst",
"url": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408",
"url": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4",
"url": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4"
}
],
"release_date": "2026-03-17T23:34:28.483000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "To mitigate this flaw, ensure the callback provided to the set_cookie_generate_callback function strictly limits the returned cookie string or byte sequence to under 256 bytes.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pyOpenSSL: DTLS cookie callback buffer overflow"
},
{
"cve": "CVE-2026-27962",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-16T18:02:07.041902+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448164"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Authlib, a Python library used for creating secure authentication and authorization systems. This vulnerability, known as JWK (JSON Web Key) Header Injection, affects how Authlib verifies digital signatures in JWS (JSON Web Signature) tokens. An attacker can exploit this by creating a specially crafted token that includes their own cryptographic key in the header. When the system attempts to verify this token without a predefined key, it mistakenly uses the attacker\u0027s key, allowing them to bypass authentication and gain unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib: Authentication bypass due to JWK Header Injection vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This critical vulnerability in Authlib\u0027s JWS implementation allows unauthenticated attackers to forge JWTs by embedding their own cryptographic key in the token header. Impact is high to confidentiality and integrity as attackers can bypass authentication.\n\nThe impact for Red Hat Quay is rated as low because it imports authlib solely as a JWK parsing utility and performs all JWT signature verification through PyJWT, so the vulnerable jws.deserialize_compact() code path is never called.\n\nRed Hat OpenShift AI is not affected, since authlib is only present as a transitive dependency in the dev dependency group and is not included in production image builds, so the vulnerable code is not present in the shipped product.\n\nRed Hat Satellite is not affected, as authlib is only present as a dependency of fastmcp. In Satellite, fastmcp only invokes authlib using jwt.decode() which isn\u0027t able to reach the vulnerability condition even with key=none.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27962"
},
{
"category": "external",
"summary": "RHBZ#2448164",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448164"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27962",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27962"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27962",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27962"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/a5d4b2d4c9e46bfa11c82f85fdc2bcc0b50ae681",
"url": "https://github.com/authlib/authlib/commit/a5d4b2d4c9e46bfa11c82f85fdc2bcc0b50ae681"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/releases/tag/v1.6.9",
"url": "https://github.com/authlib/authlib/releases/tag/v1.6.9"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-wvwj-cvrp-7pv5",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-wvwj-cvrp-7pv5"
}
],
"release_date": "2026-03-16T17:34:38.946000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "authlib: Authlib: Authentication bypass due to JWK Header Injection vulnerability"
},
{
"cve": "CVE-2026-28802",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-06T07:01:49.366979+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445120"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. A remote attacker can exploit this vulnerability by crafting a malicious JSON Web Token (JWT) with a \"none\" algorithm and an empty signature. This bypasses the expected signature verification, potentially allowing the attacker to forge tokens and gain unauthorized access or perform unauthorized actions within applications using Authlib.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib: Signature verification bypass via malicious JWT allows unauthorized access",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28802"
},
{
"category": "external",
"summary": "RHBZ#2445120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445120"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28802",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28802"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28802",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28802"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75",
"url": "https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7",
"url": "https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg"
}
],
"release_date": "2026-03-06T06:44:26.402000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "authlib: Authlib: Signature verification bypass via malicious JWT allows unauthorized access"
},
{
"cve": "CVE-2026-29063",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-03-06T19:00:57.982727+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Immutable.js, a library for persistent immutable data structures. This vulnerability, known as Prototype Pollution, allows an attacker with low privileges to inject unwanted properties into core JavaScript object prototypes without user interaction. By manipulating specific APIs such as mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject(), a remote attacker could potentially execute arbitrary code or cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this vulnerability requires that an attacker is able to provide arbitrary data to clients of this library in a way that calls the affected functions with data the attacker controls. In most deployments, the ability to provide data in this fashion requires that an attacker has some degree of privileges to access the affected applications.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29063"
},
{
"category": "external",
"summary": "RHBZ#2445291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29063",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29063"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29063",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29063"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/releases/tag/v3.8.3",
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v3.8.3"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/releases/tag/v4.3.8",
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v4.3.8"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/releases/tag/v5.1.5",
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v5.1.5"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/security/advisories/GHSA-wf6x-7x77-mvgw",
"url": "https://github.com/immutable-js/immutable-js/security/advisories/GHSA-wf6x-7x77-mvgw"
}
],
"release_date": "2026-03-06T18:25:22.438000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution"
},
{
"cve": "CVE-2026-29074",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2026-03-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445132"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in SVGO, an SVG (Scalable Vector Graphics) Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by submitting a specially crafted XML file. The application\u0027s failure to properly guard against XML entity expansion or recursion can lead to the Node.js process consuming excessive memory and crashing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "svgo: SVGO: Denial of Service via XML entity expansion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29074"
},
{
"category": "external",
"summary": "RHBZ#2445132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445132"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29074",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29074"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074"
},
{
"category": "external",
"summary": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673",
"url": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673"
}
],
"release_date": "2026-03-06T07:23:05.716000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "svgo: SVGO: Denial of Service via XML entity expansion"
},
{
"cve": "CVE-2026-30922",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2026-03-18T04:02:45.401296+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448553"
}
],
"notes": [
{
"category": "description",
"text": "An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE (0x30) or SET (0x31) tags with Indefinite Length (0x80) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a RecursionError or consumes all available memory (OOM), crashing the host application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-30922"
},
{
"category": "external",
"summary": "RHBZ#2448553",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448553"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-30922",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-30922"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-30922",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30922"
},
{
"category": "external",
"summary": "https://github.com/pyasn1/pyasn1/commit/25ad481c19fdb006e20485ef3fc2e5b3eff30ef0",
"url": "https://github.com/pyasn1/pyasn1/commit/25ad481c19fdb006e20485ef3fc2e5b3eff30ef0"
},
{
"category": "external",
"summary": "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-jr27-m4p2-rc6r",
"url": "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-jr27-m4p2-rc6r"
}
],
"release_date": "2026-03-18T02:29:45.857000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion"
},
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-32282",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-04-08T02:01:12.683211+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456336"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs access to the system and the required permissions to create a symbolic link. Additionally, the attacker must swap the target file with a symbolic link in the exact window after the `Root.Chmod` function checks its target but before acting. Due to these conditions, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "RHBZ#2456336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://go.dev/cl/763761",
"url": "https://go.dev/cl/763761"
},
{
"category": "external",
"summary": "https://go.dev/issue/78293",
"url": "https://go.dev/issue/78293"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4864",
"url": "https://pkg.go.dev/vuln/GO-2026-4864"
}
],
"release_date": "2026-04-08T01:06:55.953000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root"
},
{
"cve": "CVE-2026-32286",
"cwe": {
"id": "CWE-1285",
"name": "Improper Validation of Specified Index, Position, or Offset in Input"
},
"discovery_date": "2026-03-26T20:01:59.226117+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451847"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a \"slice bounds out of range panic\", resulting in a Denial of Service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "RHBZ#2451847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32286",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32286"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4518",
"url": "https://github.com/golang/vulndb/issues/4518"
},
{
"category": "external",
"summary": "https://github.com/jackc/pgx/issues/2507",
"url": "https://github.com/jackc/pgx/issues/2507"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4518",
"url": "https://pkg.go.dev/vuln/GO-2026-4518"
}
],
"release_date": "2026-03-26T19:40:51.974000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server"
},
{
"acknowledgments": [
{
"names": [
"Antony Di Scala",
"Michael Whale"
]
}
],
"cve": "CVE-2026-32589",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"discovery_date": "2026-03-12T14:43:07.878000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2446963"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Red Hat Quay\u0027s container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user\u0027s in-progress image upload.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mirror-registry: quay: insecure direct object reference in BlobUpload",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation requires valid login credentials to the Quay registry. Unauthenticated users cannot exploit this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32589"
},
{
"category": "external",
"summary": "RHBZ#2446963",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446963"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32589",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32589"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32589",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32589"
}
],
"release_date": "2026-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mirror-registry: quay: insecure direct object reference in BlobUpload"
},
{
"acknowledgments": [
{
"names": [
"Antony Di Scala",
"Michael Whale"
]
}
],
"cve": "CVE-2026-32590",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2026-03-12T14:43:11.443000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2446964"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Red Hat Quay\u0027s handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mirror-registry: remote code execution using pickle deserialization",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation requires valid login credentials. The attacker must be authenticated to the registry, either through the web interface or through a container tool such as Podman.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32590"
},
{
"category": "external",
"summary": "RHBZ#2446964",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446964"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32590",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32590"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32590",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32590"
}
],
"release_date": "2026-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mirror-registry: remote code execution using pickle deserialization"
},
{
"acknowledgments": [
{
"names": [
"Antony Di Scala",
"Michael Whale"
]
}
],
"cve": "CVE-2026-32591",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-03-12T15:09:38.210000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2446965"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Red Hat Quay\u0027s Proxy Cache configuration feature. When an organization administrator configures an upstream registry for proxy caching, Quay makes a network connection to the specified registry hostname without verifying that it points to a legitimate external service. An attacker with organization administrator privileges could supply a crafted hostname to force the Quay server to make requests to internal network services, cloud infrastructure endpoints, or other resources that should not be accessible from the Quay application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mirror-registry: quay: server-side request forgery in proxy cache upstream registry configuration",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation requires the attacker to be authenticated as an organization administrator.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32591"
},
{
"category": "external",
"summary": "RHBZ#2446965",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446965"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32591",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32591"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32591",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32591"
}
],
"release_date": "2026-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mirror-registry: quay: server-side request forgery in proxy cache upstream registry configuration"
},
{
"cve": "CVE-2026-32597",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-12T22:01:29.967713+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447194"
}
],
"notes": [
{
"category": "description",
"text": "A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 \u00a74.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 \u00a74.1.11 MUST violation)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32597"
},
{
"category": "external",
"summary": "RHBZ#2447194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32597",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32597"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32597",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32597"
},
{
"category": "external",
"summary": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f",
"url": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f"
}
],
"release_date": "2026-03-12T21:41:50.427000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 \u00a74.1.11 MUST violation)"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
},
{
"cve": "CVE-2026-33894",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-27T21:02:52.462999+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2452464"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Forge (also called `node-forge`), a JavaScript implementation of Transport Layer Security. A remote attacker could exploit weaknesses in the RSASSA PKCS#1 v1.5 signature verification process. By crafting malicious signatures that include extra data within the ASN structure and do not meet padding requirements, an attacker can bypass signature validation. This allows for the creation of forged signatures that appear legitimate, potentially compromising the integrity and authenticity of communications.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33894"
},
{
"category": "external",
"summary": "RHBZ#2452464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33894",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33894"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33894",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33894"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc2313#section-8",
"url": "https://datatracker.ietf.org/doc/html/rfc2313#section-8"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp"
},
{
"category": "external",
"summary": "https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE",
"url": "https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE"
},
{
"category": "external",
"summary": "https://www.rfc-editor.org/rfc/rfc8017.html",
"url": "https://www.rfc-editor.org/rfc/rfc8017.html"
}
],
"release_date": "2026-03-27T20:45:49.583000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification"
},
{
"cve": "CVE-2026-34986",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-06T17:01:34.639203+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "RHBZ#2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"release_date": "2026-04-06T16:22:45.353000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
},
{
"cve": "CVE-2026-39892",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-08T22:00:59.416053+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456735"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cryptography library. This vulnerability occurs when a non-contiguous buffer is passed to certain application programming interfaces (APIs) that accept Python buffers, such as Hash.update(). A remote attacker could exploit this to cause a buffer overflow, potentially leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In default configurations Red Hat products isolate service processes from total system access. Should an attacker be able to exploit this vulnerability their impact will be limited to that service account and they will not have access to the broader system.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39892"
},
{
"category": "external",
"summary": "RHBZ#2456735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39892",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39892"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39892",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39892"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/08/12",
"url": "http://www.openwall.com/lists/oss-security/2026/04/08/12"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5",
"url": "https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq"
}
],
"release_date": "2026-04-08T20:49:41.967000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API"
},
{
"cve": "CVE-2026-40192",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-04-16T00:00:49.590876+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2458856"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service (DoS) by providing a specially crafted FITS image file. The library\u0027s failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory consumption, causing the system to crash or experience severe performance issues.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40192"
},
{
"category": "external",
"summary": "RHBZ#2458856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458856"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40192",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40192"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40192",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40192"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628",
"url": "https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/pull/9521",
"url": "https://github.com/python-pillow/Pillow/pull/9521"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j"
},
{
"category": "external",
"summary": "https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb",
"url": "https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb"
}
],
"release_date": "2026-04-15T22:53:56.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing"
},
{
"cve": "CVE-2026-40895",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2026-04-21T21:02:33.280553+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460297"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40895"
},
{
"category": "external",
"summary": "RHBZ#2460297",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460297"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40895",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40895"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895"
},
{
"category": "external",
"summary": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653",
"url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653"
}
],
"release_date": "2026-04-21T19:59:59.759000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects"
},
{
"cve": "CVE-2026-42033",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:20.937507+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461607"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "RHBZ#2461607",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461607"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42033",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42033"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf"
}
],
"release_date": "2026-04-24T17:36:44.132000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution"
},
{
"cve": "CVE-2026-42035",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:17.109481+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461606"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application\u0027s core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Arbitrary HTTP header injection via prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "RHBZ#2461606",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461606"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42035"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9"
}
],
"release_date": "2026-04-24T17:38:07.752000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "axios: Axios: Arbitrary HTTP header injection via prototype pollution"
},
{
"cve": "CVE-2026-42039",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-24T19:01:44.887156+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461630"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "RHBZ#2461630",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461630"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42039",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42039"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9"
}
],
"release_date": "2026-04-24T18:01:30.775000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data"
},
{
"cve": "CVE-2026-42041",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:41.034289+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461629"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution \"Gadget\" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "RHBZ#2461629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461629"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42041",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63",
"url": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63"
}
],
"release_date": "2026-04-24T17:55:30.036000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling"
},
{
"cve": "CVE-2026-42043",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-04-24T19:01:22.552379+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461626"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: NO_PROXY bypass via crafted URL",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "RHBZ#2461626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461626"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42043"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7"
}
],
"release_date": "2026-04-24T17:54:42.668000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: NO_PROXY bypass via crafted URL"
},
{
"cve": "CVE-2026-42044",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:13.418725+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461624"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution \"Gadget\" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "RHBZ#2461624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42044",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42044"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23"
}
],
"release_date": "2026-04-24T17:49:49.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget"
}
]
}
RHSA-2026:20338
Vulnerability from csaf_redhat - Published: 2026-05-21 22:10 - Updated: 2026-05-22 08:51Summary
Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage
Severity
Important
Notes
Topic: A Subscription Management tool for finding and reporting Red Hat product usage
Details: Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds,
identifies, and reports environment data, or facts, such as the number of physical and virtual
systems on a network, their operating systems, and relevant configuration data stored within
them. Discovery also identifies and reports more detailed facts for some versions of key
Red Hat packages and products that it finds in the network.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by providing a specially crafted Uniform Resource Locator (URL) containing percent-encoded path separators and dot segments. Due to incorrect processing, fast-uri would decode these elements before proper normalization, leading to distinct URLs resolving to the same internal path. This could allow an attacker to bypass security policies that rely on path-based comparisons, potentially gaining unauthorized access to resources.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64 | — |
Vendor Fix
fix
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64 | — | ||
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64 | — |
Threats
Impact
Important
A flaw was found in the cryptography library. This vulnerability occurs when a non-contiguous buffer is passed to certain application programming interfaces (APIs) that accept Python buffers, such as Hash.update(). A remote attacker could exploit this to cause a buffer overflow, potentially leading to a denial of service.
7.3 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution "Gadget" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.
7.4 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64 | — |
Vendor Fix
fix
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64 | — | ||
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64 | — |
Threats
Impact
Important
References
31 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:20338 | self |
| https://access.redhat.com/security/cve/CVE-2026-39892 | external |
| https://access.redhat.com/security/cve/CVE-2026-42044 | external |
| https://access.redhat.com/security/cve/CVE-2026-44432 | external |
| https://access.redhat.com/security/cve/CVE-2026-6321 | external |
| https://access.redhat.com/security/updates/classi… | external |
| https://docs.redhat.com/en/documentation/subscrip… | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2026-6321 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2466582 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-6321 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-6321 | external |
| https://cna.openjsf.org/security-advisories.html | external |
| https://github.com/fastify/fast-uri/security/advi… | external |
| https://access.redhat.com/security/cve/CVE-2026-39892 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2456735 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-39892 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-39892 | external |
| http://www.openwall.com/lists/oss-security/2026/0… | external |
| https://github.com/pyca/cryptography/commit/622d6… | external |
| https://github.com/pyca/cryptography/security/adv… | external |
| https://access.redhat.com/security/cve/CVE-2026-42044 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2461624 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-42044 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-42044 | external |
| https://github.com/axios/axios/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2026-44432 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477154 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-44432 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-44432 | external |
| https://github.com/urllib3/urllib3/security/advis… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A Subscription Management tool for finding and reporting Red Hat product usage",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds,\nidentifies, and reports environment data, or facts, such as the number of physical and virtual\nsystems on a network, their operating systems, and relevant configuration data stored within\nthem. Discovery also identifies and reports more detailed facts for some versions of key\nRed Hat packages and products that it finds in the network.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:20338",
"url": "https://access.redhat.com/errata/RHSA-2026:20338"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39892",
"url": "https://access.redhat.com/security/cve/CVE-2026-39892"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42044",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44432",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-6321",
"url": "https://access.redhat.com/security/cve/CVE-2026-6321"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery",
"url": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_20338.json"
}
],
"title": "Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage",
"tracking": {
"current_release_date": "2026-05-22T08:51:17+00:00",
"generator": {
"date": "2026-05-22T08:51:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:20338",
"initial_release_date": "2026-05-21T22:10:28+00:00",
"revision_history": [
{
"date": "2026-05-21T22:10:28+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-21T22:10:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-22T08:51:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Discovery 2",
"product": {
"name": "Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:discovery:2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Discovery"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3Afeab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1779395228"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3A6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1779395188"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3A4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1779395228"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3A58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1779395188"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64",
"relates_to_product_reference": "Red Hat Discovery 2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-6321",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-05-04T20:01:14.938426+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466582"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by providing a specially crafted Uniform Resource Locator (URL) containing percent-encoded path separators and dot segments. Due to incorrect processing, fast-uri would decode these elements before proper normalization, leading to distinct URLs resolving to the same internal path. This could allow an attacker to bypass security policies that rely on path-based comparisons, potentially gaining unauthorized access to resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6321"
},
{
"category": "external",
"summary": "RHBZ#2466582",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466582"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6321",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6321"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6321",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6321"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6",
"url": "https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6"
}
],
"release_date": "2026-05-04T19:31:57.253000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-21T22:10:28+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:20338"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies"
},
{
"cve": "CVE-2026-39892",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-08T22:00:59.416053+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456735"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cryptography library. This vulnerability occurs when a non-contiguous buffer is passed to certain application programming interfaces (APIs) that accept Python buffers, such as Hash.update(). A remote attacker could exploit this to cause a buffer overflow, potentially leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In default configurations Red Hat products isolate service processes from total system access. Should an attacker be able to exploit this vulnerability their impact will be limited to that service account and they will not have access to the broader system.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39892"
},
{
"category": "external",
"summary": "RHBZ#2456735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39892",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39892"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39892",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39892"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/08/12",
"url": "http://www.openwall.com/lists/oss-security/2026/04/08/12"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5",
"url": "https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq"
}
],
"release_date": "2026-04-08T20:49:41.967000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-21T22:10:28+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:20338"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API"
},
{
"cve": "CVE-2026-42044",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:13.418725+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461624"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution \"Gadget\" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "RHBZ#2461624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42044",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42044"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23"
}
],
"release_date": "2026-04-24T17:49:49.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-21T22:10:28+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:20338"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget"
},
{
"cve": "CVE-2026-44432",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-05-13T17:01:01.083841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "RHBZ#2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"release_date": "2026-05-13T15:17:12.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-21T22:10:28+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:20338"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
}
]
}
RHSA-2026:7295
Vulnerability from csaf_redhat - Published: 2026-04-09 11:17 - Updated: 2026-05-22 02:44Summary
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Severity
Important
Notes
Topic: An update for Red Hat Hardened Images RPMs is now available.
Details: This update includes the following RPMs:
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A validation flaw has been discovered in the python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor > 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it's easy to forge signatures on the small subgroup. Only SECT curves are impacted by this.
7.4 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:python-cryptography-main@src | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:python-cryptography-main@aarch64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:python-cryptography-main@x86_64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the `cryptography` library. This vulnerability occurs because DNS (Domain Name System) name constraints were not properly validated against the "peer name" during certificate validation, only against Subject Alternative Names (SANs) within child certificates. This oversight could allow a malicious actor to bypass security restrictions, enabling a certificate for a specific domain to be validated against a broader wildcard certificate, even when an exclusion for that specific domain exists. This could lead to an attacker impersonating a legitimate server or service.
CWE-295 - Improper Certificate ValidationAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:python-cryptography-main@src | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:python-cryptography-main@aarch64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:python-cryptography-main@x86_64 | — |
Workaround
|
Threats
Impact
Low
A flaw was found in the cryptography library. This vulnerability occurs when a non-contiguous buffer is passed to certain application programming interfaces (APIs) that accept Python buffers, such as Hash.update(). A remote attacker could exploit this to cause a buffer overflow, potentially leading to a denial of service.
7.3 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:python-cryptography-main@src | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:python-cryptography-main@aarch64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:python-cryptography-main@x86_64 | — |
Workaround
|
Threats
Impact
Important
References
25 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:7295 | self |
| https://images.redhat.com/ | external |
| https://access.redhat.com/security/cve/CVE-2026-26007 | external |
| https://access.redhat.com/security/updates/classi… | external |
| https://access.redhat.com/security/cve/CVE-2026-39892 | external |
| https://access.redhat.com/security/cve/CVE-2026-34073 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2026-26007 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2438762 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-26007 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-26007 | external |
| https://github.com/pyca/cryptography/commit/0eebb… | external |
| https://github.com/pyca/cryptography/security/adv… | external |
| https://access.redhat.com/security/cve/CVE-2026-34073 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453276 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-34073 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-34073 | external |
| https://github.com/pyca/cryptography/security/adv… | external |
| https://access.redhat.com/security/cve/CVE-2026-39892 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2456735 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-39892 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-39892 | external |
| http://www.openwall.com/lists/oss-security/2026/0… | external |
| https://github.com/pyca/cryptography/commit/622d6… | external |
| https://github.com/pyca/cryptography/security/adv… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7295",
"url": "https://access.redhat.com/errata/RHSA-2026:7295"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26007",
"url": "https://access.redhat.com/security/cve/CVE-2026-26007"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39892",
"url": "https://access.redhat.com/security/cve/CVE-2026-39892"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34073",
"url": "https://access.redhat.com/security/cve/CVE-2026-34073"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7295.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-05-22T02:44:45+00:00",
"generator": {
"date": "2026-05-22T02:44:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2026:7295",
"initial_release_date": "2026-04-09T11:17:29+00:00",
"revision_history": [
{
"date": "2026-04-09T11:17:29+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-18T19:57:01+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-22T02:44:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "python-cryptography-main@src",
"product": {
"name": "python-cryptography-main@src",
"product_id": "python-cryptography-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-cryptography@46.0.7-1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "python-cryptography-main@aarch64",
"product": {
"name": "python-cryptography-main@aarch64",
"product_id": "python-cryptography-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-cryptography@46.0.7-1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python-cryptography-main@x86_64",
"product": {
"name": "python-cryptography-main@x86_64",
"product_id": "python-cryptography-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-cryptography@46.0.7-1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:python-cryptography-main@aarch64"
},
"product_reference": "python-cryptography-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:python-cryptography-main@src"
},
"product_reference": "python-cryptography-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:python-cryptography-main@x86_64"
},
"product_reference": "python-cryptography-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-26007",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2026-02-10T22:01:01.036116+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Hardened Images:python-cryptography-main@aarch64",
"Red Hat Hardened Images:python-cryptography-main@x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438762"
}
],
"notes": [
{
"category": "description",
"text": "A validation flaw has been discovered in the python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor \u003e 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it\u0027s easy to forge signatures on the small subgroup. Only SECT curves are impacted by this.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw, while difficult to exploit, would lead to a loss of integrity in the encrypted communication channel. Given that the cryptography package is a library, it is likely to be used in situations that do not require user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python-cryptography-main@src"
],
"known_not_affected": [
"Red Hat Hardened Images:python-cryptography-main@aarch64",
"Red Hat Hardened Images:python-cryptography-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26007"
},
{
"category": "external",
"summary": "RHBZ#2438762",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438762"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26007"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26007",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26007"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c",
"url": "https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2"
}
],
"release_date": "2026-02-10T21:42:56.471000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:17:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python-cryptography-main@src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7295"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:python-cryptography-main@aarch64",
"Red Hat Hardened Images:python-cryptography-main@src",
"Red Hat Hardened Images:python-cryptography-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python-cryptography-main@aarch64",
"Red Hat Hardened Images:python-cryptography-main@src",
"Red Hat Hardened Images:python-cryptography-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves"
},
{
"cve": "CVE-2026-34073",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-03-31T03:01:24.693240+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Hardened Images:python-cryptography-main@aarch64",
"Red Hat Hardened Images:python-cryptography-main@x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453276"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `cryptography` library. This vulnerability occurs because DNS (Domain Name System) name constraints were not properly validated against the \"peer name\" during certificate validation, only against Subject Alternative Names (SANs) within child certificates. This oversight could allow a malicious actor to bypass security restrictions, enabling a certificate for a specific domain to be validated against a broader wildcard certificate, even when an exclusion for that specific domain exists. This could lead to an attacker impersonating a legitimate server or service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-cryptography: Cryptography: Security bypass due to improper DNS name constraint validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat products and services do not employ certificate chains of the form required for this vulnerability. A Red Hat customer may construct such a certificate chain, however these would be non-default configurations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python-cryptography-main@src"
],
"known_not_affected": [
"Red Hat Hardened Images:python-cryptography-main@aarch64",
"Red Hat Hardened Images:python-cryptography-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34073"
},
{
"category": "external",
"summary": "RHBZ#2453276",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453276"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34073",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34073"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34073",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34073"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-m959-cc7f-wv43",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-m959-cc7f-wv43"
}
],
"release_date": "2026-03-31T02:04:36.275000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:17:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python-cryptography-main@src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7295"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:python-cryptography-main@aarch64",
"Red Hat Hardened Images:python-cryptography-main@src",
"Red Hat Hardened Images:python-cryptography-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python-cryptography-main@aarch64",
"Red Hat Hardened Images:python-cryptography-main@src",
"Red Hat Hardened Images:python-cryptography-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "python-cryptography: Cryptography: Security bypass due to improper DNS name constraint validation"
},
{
"cve": "CVE-2026-39892",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-08T22:00:59.416053+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Hardened Images:python-cryptography-main@aarch64",
"Red Hat Hardened Images:python-cryptography-main@x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456735"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cryptography library. This vulnerability occurs when a non-contiguous buffer is passed to certain application programming interfaces (APIs) that accept Python buffers, such as Hash.update(). A remote attacker could exploit this to cause a buffer overflow, potentially leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In default configurations Red Hat products isolate service processes from total system access. Should an attacker be able to exploit this vulnerability their impact will be limited to that service account and they will not have access to the broader system.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python-cryptography-main@src"
],
"known_not_affected": [
"Red Hat Hardened Images:python-cryptography-main@aarch64",
"Red Hat Hardened Images:python-cryptography-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39892"
},
{
"category": "external",
"summary": "RHBZ#2456735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39892",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39892"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39892",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39892"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/08/12",
"url": "http://www.openwall.com/lists/oss-security/2026/04/08/12"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5",
"url": "https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq"
}
],
"release_date": "2026-04-08T20:49:41.967000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:17:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python-cryptography-main@src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7295"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:python-cryptography-main@aarch64",
"Red Hat Hardened Images:python-cryptography-main@src",
"Red Hat Hardened Images:python-cryptography-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python-cryptography-main@aarch64",
"Red Hat Hardened Images:python-cryptography-main@src",
"Red Hat Hardened Images:python-cryptography-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…