RHSA-2026:20338

Vulnerability from csaf_redhat - Published: 2026-05-21 22:10 - Updated: 2026-05-22 02:42
Summary
Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage
Severity
Important
Notes
Topic: A Subscription Management tool for finding and reporting Red Hat product usage
Details: Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds, identifies, and reports environment data, or facts, such as the number of physical and virtual systems on a network, their operating systems, and relevant configuration data stored within them. Discovery also identifies and reports more detailed facts for some versions of key Red Hat packages and products that it finds in the network.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by providing a specially crafted Uniform Resource Locator (URL) containing percent-encoded path separators and dot segments. Due to incorrect processing, fast-uri would decode these elements before proper normalization, leading to distinct URLs resolving to the same internal path. This could allow an attacker to bypass security policies that rely on path-based comparisons, potentially gaining unauthorized access to resources.

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Affected products
Product Identifier Version Remediation
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64
Vendor Fix
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64
Vendor Fix
Product Identifier Version Remediation
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64
Threats
Impact Important

A flaw was found in the cryptography library. This vulnerability occurs when a non-contiguous buffer is passed to certain application programming interfaces (APIs) that accept Python buffers, such as Hash.update(). A remote attacker could exploit this to cause a buffer overflow, potentially leading to a denial of service.

CWE-131 - Incorrect Calculation of Buffer Size
Affected products
Product Identifier Version Remediation
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64
Vendor Fix
Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64
Vendor Fix
Workaround
Product Identifier Version Remediation
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64
Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64
Workaround
Threats
Impact Important

A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution "Gadget" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.

CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes
Affected products
Product Identifier Version Remediation
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64
Vendor Fix
Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64
Vendor Fix
Workaround
Product Identifier Version Remediation
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64
Workaround
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64
Workaround
Threats
Impact Important

A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.

CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)
Affected products
Product Identifier Version Remediation
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64
Vendor Fix
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64
Vendor Fix
Product Identifier Version Remediation
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64
Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64
Threats
Impact Important
References
URL Category
https://access.redhat.com/errata/RHSA-2026:20338 self
https://access.redhat.com/security/cve/CVE-2026-39892 external
https://access.redhat.com/security/cve/CVE-2026-42044 external
https://access.redhat.com/security/cve/CVE-2026-44432 external
https://access.redhat.com/security/cve/CVE-2026-6321 external
https://access.redhat.com/security/updates/classi… external
https://docs.redhat.com/en/documentation/subscrip… external
https://security.access.redhat.com/data/csaf/v2/a… self
https://access.redhat.com/security/cve/CVE-2026-6321 self
https://bugzilla.redhat.com/show_bug.cgi?id=2466582 external
https://www.cve.org/CVERecord?id=CVE-2026-6321 external
https://nvd.nist.gov/vuln/detail/CVE-2026-6321 external
https://cna.openjsf.org/security-advisories.html external
https://github.com/fastify/fast-uri/security/advi… external
https://access.redhat.com/security/cve/CVE-2026-39892 self
https://bugzilla.redhat.com/show_bug.cgi?id=2456735 external
https://www.cve.org/CVERecord?id=CVE-2026-39892 external
https://nvd.nist.gov/vuln/detail/CVE-2026-39892 external
http://www.openwall.com/lists/oss-security/2026/0… external
https://github.com/pyca/cryptography/commit/622d6… external
https://github.com/pyca/cryptography/security/adv… external
https://access.redhat.com/security/cve/CVE-2026-42044 self
https://bugzilla.redhat.com/show_bug.cgi?id=2461624 external
https://www.cve.org/CVERecord?id=CVE-2026-42044 external
https://nvd.nist.gov/vuln/detail/CVE-2026-42044 external
https://github.com/axios/axios/security/advisorie… external
https://access.redhat.com/security/cve/CVE-2026-44432 self
https://bugzilla.redhat.com/show_bug.cgi?id=2477154 external
https://www.cve.org/CVERecord?id=CVE-2026-44432 external
https://nvd.nist.gov/vuln/detail/CVE-2026-44432 external
https://github.com/urllib3/urllib3/security/advis… external

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A Subscription Management tool for finding and reporting Red Hat product usage",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds,\nidentifies, and reports environment data, or facts, such as the number of physical and virtual\nsystems on a network, their operating systems, and relevant configuration data stored within\nthem. Discovery also identifies and reports more detailed facts for some versions of key\nRed Hat packages and products that it finds in the network.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:20338",
        "url": "https://access.redhat.com/errata/RHSA-2026:20338"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-39892",
        "url": "https://access.redhat.com/security/cve/CVE-2026-39892"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-42044",
        "url": "https://access.redhat.com/security/cve/CVE-2026-42044"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-44432",
        "url": "https://access.redhat.com/security/cve/CVE-2026-44432"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-6321",
        "url": "https://access.redhat.com/security/cve/CVE-2026-6321"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery",
        "url": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_20338.json"
      }
    ],
    "title": "Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage",
    "tracking": {
      "current_release_date": "2026-05-22T02:42:53+00:00",
      "generator": {
        "date": "2026-05-22T02:42:53+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.0"
        }
      },
      "id": "RHSA-2026:20338",
      "initial_release_date": "2026-05-21T22:10:28+00:00",
      "revision_history": [
        {
          "date": "2026-05-21T22:10:28+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-05-21T22:10:32+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-22T02:42:53+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Discovery 2",
                "product": {
                  "name": "Red Hat Discovery 2",
                  "product_id": "Red Hat Discovery 2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:discovery:2::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Discovery"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64",
                "product": {
                  "name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64",
                  "product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/discovery-server-rhel9@sha256%3Afeab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1779395228"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64",
                "product": {
                  "name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64",
                  "product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/discovery-ui-rhel9@sha256%3A6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1779395188"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
                "product": {
                  "name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
                  "product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/discovery-server-rhel9@sha256%3A4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1779395228"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
                "product": {
                  "name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
                  "product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/discovery-ui-rhel9@sha256%3A58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1779395188"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64 as a component of Red Hat Discovery 2",
          "product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64"
        },
        "product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
        "relates_to_product_reference": "Red Hat Discovery 2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64 as a component of Red Hat Discovery 2",
          "product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64"
        },
        "product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64",
        "relates_to_product_reference": "Red Hat Discovery 2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64 as a component of Red Hat Discovery 2",
          "product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64"
        },
        "product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
        "relates_to_product_reference": "Red Hat Discovery 2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64 as a component of Red Hat Discovery 2",
          "product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
        },
        "product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64",
        "relates_to_product_reference": "Red Hat Discovery 2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-6321",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2026-05-04T20:01:14.938426+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2466582"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by providing a specially crafted Uniform Resource Locator (URL) containing percent-encoded path separators and dot segments. Due to incorrect processing, fast-uri would decode these elements before proper normalization, leading to distinct URLs resolving to the same internal path. This could allow an attacker to bypass security policies that rely on path-based comparisons, potentially gaining unauthorized access to resources.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
        ],
        "known_not_affected": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-6321"
        },
        {
          "category": "external",
          "summary": "RHBZ#2466582",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466582"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-6321",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6321"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6321",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6321"
        },
        {
          "category": "external",
          "summary": "https://cna.openjsf.org/security-advisories.html",
          "url": "https://cna.openjsf.org/security-advisories.html"
        },
        {
          "category": "external",
          "summary": "https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6",
          "url": "https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6"
        }
      ],
      "release_date": "2026-05-04T19:31:57.253000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-21T22:10:28+00:00",
          "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:20338"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies"
    },
    {
      "cve": "CVE-2026-39892",
      "cwe": {
        "id": "CWE-131",
        "name": "Incorrect Calculation of Buffer Size"
      },
      "discovery_date": "2026-04-08T22:00:59.416053+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2456735"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the cryptography library. This vulnerability occurs when a non-contiguous buffer is passed to certain application programming interfaces (APIs) that accept Python buffers, such as Hash.update(). A remote attacker could exploit this to cause a buffer overflow, potentially leading to a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In default configurations Red Hat products isolate service processes from total system access. Should an attacker be able to exploit this vulnerability their impact will be limited to that service account and they will not have access to the broader system.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64"
        ],
        "known_not_affected": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-39892"
        },
        {
          "category": "external",
          "summary": "RHBZ#2456735",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456735"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-39892",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39892"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39892",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39892"
        },
        {
          "category": "external",
          "summary": "http://www.openwall.com/lists/oss-security/2026/04/08/12",
          "url": "http://www.openwall.com/lists/oss-security/2026/04/08/12"
        },
        {
          "category": "external",
          "summary": "https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5",
          "url": "https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5"
        },
        {
          "category": "external",
          "summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq",
          "url": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq"
        }
      ],
      "release_date": "2026-04-08T20:49:41.967000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-21T22:10:28+00:00",
          "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:20338"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API"
    },
    {
      "cve": "CVE-2026-42044",
      "cwe": {
        "id": "CWE-915",
        "name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
      },
      "discovery_date": "2026-04-24T19:01:13.418725+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2461624"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution \"Gadget\" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
        ],
        "known_not_affected": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-42044"
        },
        {
          "category": "external",
          "summary": "RHBZ#2461624",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461624"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-42044",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42044"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044"
        },
        {
          "category": "external",
          "summary": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23",
          "url": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23"
        }
      ],
      "release_date": "2026-04-24T17:49:49.517000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-21T22:10:28+00:00",
          "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:20338"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget"
    },
    {
      "cve": "CVE-2026-44432",
      "cwe": {
        "id": "CWE-409",
        "name": "Improper Handling of Highly Compressed Data (Data Amplification)"
      },
      "discovery_date": "2026-05-13T17:01:01.083841+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2477154"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64"
        ],
        "known_not_affected": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-44432"
        },
        {
          "category": "external",
          "summary": "RHBZ#2477154",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
        },
        {
          "category": "external",
          "summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
          "url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
        }
      ],
      "release_date": "2026-05-13T15:17:12.611000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-21T22:10:28+00:00",
          "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:20338"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
    }
  ]
}

