RHSA-2026:2852
Vulnerability from csaf_redhat - Published: 2026-02-17 23:04 - Updated: 2026-02-18 12:42Summary
Red Hat Security Advisory: OpenShift Security Profiles Operator bug fix and enhancement update
Notes
Topic
An updated OpenShift Security Profiles Operator image that fixes various bugs and adds new
enhancements is now available for the Red Hat OpenShift Enterprise 4 catalog.
Details
The Security Profiles Operator v0.10.0 is now available.
See the documentation for release information:
https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/security_and_compliance/security-profiles-operator
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated OpenShift Security Profiles Operator image that fixes various bugs and adds new\nenhancements is now available for the Red Hat OpenShift Enterprise 4 catalog.",
"title": "Topic"
},
{
"category": "general",
"text": "The Security Profiles Operator v0.10.0 is now available.\nSee the documentation for release information:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/security_and_compliance/security-profiles-operator",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2852",
"url": "https://access.redhat.com/errata/RHSA-2026:2852"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66506",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66564",
"url": "https://access.redhat.com/security/cve/CVE-2025-66564"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2852.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Security Profiles Operator bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-02-18T12:42:19+00:00",
"generator": {
"date": "2026-02-18T12:42:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2852",
"initial_release_date": "2026-02-17T23:04:21+00:00",
"revision_history": [
{
"date": "2026-02-17T23:04:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-17T23:04:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-18T12:42:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Security Profiles Operator 1",
"product": {
"name": "OpenShift Security Profiles Operator 1",
"product_id": "OpenShift Security Profiles Operator 1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_security_profiles_operator:1::el9"
}
}
}
],
"category": "product_family",
"name": "OpenShift Security Profiles Operator"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:1484157970f2cc4470dfec565fb5f81137402bdcd52d63cd40be4b0e9c8ce039_amd64",
"product": {
"name": "registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:1484157970f2cc4470dfec565fb5f81137402bdcd52d63cd40be4b0e9c8ce039_amd64",
"product_id": "registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:1484157970f2cc4470dfec565fb5f81137402bdcd52d63cd40be4b0e9c8ce039_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-selinuxd-rhel10@sha256%3A1484157970f2cc4470dfec565fb5f81137402bdcd52d63cd40be4b0e9c8ce039?arch=amd64\u0026repository_url=registry.redhat.io/compliance\u0026tag=1771365824"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:7143fa2fba9fb559ef13143cebfa69dbd7cb1f94284a640e5cbdb700e6cf6de0_amd64",
"product": {
"name": "registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:7143fa2fba9fb559ef13143cebfa69dbd7cb1f94284a640e5cbdb700e6cf6de0_amd64",
"product_id": "registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:7143fa2fba9fb559ef13143cebfa69dbd7cb1f94284a640e5cbdb700e6cf6de0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-selinuxd-rhel8@sha256%3A7143fa2fba9fb559ef13143cebfa69dbd7cb1f94284a640e5cbdb700e6cf6de0?arch=amd64\u0026repository_url=registry.redhat.io/compliance\u0026tag=1771365778"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:f7795017bcbace2e5e86ab1e7906d60ddd06c1b7fdd4ce7891eade3d993ec7b8_amd64",
"product": {
"name": "registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:f7795017bcbace2e5e86ab1e7906d60ddd06c1b7fdd4ce7891eade3d993ec7b8_amd64",
"product_id": "registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:f7795017bcbace2e5e86ab1e7906d60ddd06c1b7fdd4ce7891eade3d993ec7b8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-selinuxd-rhel9@sha256%3Af7795017bcbace2e5e86ab1e7906d60ddd06c1b7fdd4ce7891eade3d993ec7b8?arch=amd64\u0026repository_url=registry.redhat.io/compliance\u0026tag=1771365810"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-security-profiles-operator-bundle@sha256:4604d631307390e44fea4729d87470a32f294f380b4c7c9448a8e1a82ccec5b7_amd64",
"product": {
"name": "registry.redhat.io/compliance/openshift-security-profiles-operator-bundle@sha256:4604d631307390e44fea4729d87470a32f294f380b4c7c9448a8e1a82ccec5b7_amd64",
"product_id": "registry.redhat.io/compliance/openshift-security-profiles-operator-bundle@sha256:4604d631307390e44fea4729d87470a32f294f380b4c7c9448a8e1a82ccec5b7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-security-profiles-operator-bundle@sha256%3A4604d631307390e44fea4729d87470a32f294f380b4c7c9448a8e1a82ccec5b7?arch=amd64\u0026repository_url=registry.redhat.io/compliance\u0026tag=1771367226"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:e599c020744224294ed24d028ad1c5f4cca1192d9d487517286a6b7591d80f54_amd64",
"product": {
"name": "registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:e599c020744224294ed24d028ad1c5f4cca1192d9d487517286a6b7591d80f54_amd64",
"product_id": "registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:e599c020744224294ed24d028ad1c5f4cca1192d9d487517286a6b7591d80f54_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-security-profiles-rhel8-operator@sha256%3Ae599c020744224294ed24d028ad1c5f4cca1192d9d487517286a6b7591d80f54?arch=amd64\u0026repository_url=registry.redhat.io/compliance\u0026tag=1770869850"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:659e7bfe28f0dad419b9559be5a3b9f00ed6871ca3425ae5f1abc478ed7072c8_ppc64le",
"product": {
"name": "registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:659e7bfe28f0dad419b9559be5a3b9f00ed6871ca3425ae5f1abc478ed7072c8_ppc64le",
"product_id": "registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:659e7bfe28f0dad419b9559be5a3b9f00ed6871ca3425ae5f1abc478ed7072c8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-selinuxd-rhel10@sha256%3A659e7bfe28f0dad419b9559be5a3b9f00ed6871ca3425ae5f1abc478ed7072c8?arch=ppc64le\u0026repository_url=registry.redhat.io/compliance\u0026tag=1771365824"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:8baa5bd3ecbbb1708d1270f7f30b707dd381e72b9a4fef554044039d6404771e_ppc64le",
"product": {
"name": "registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:8baa5bd3ecbbb1708d1270f7f30b707dd381e72b9a4fef554044039d6404771e_ppc64le",
"product_id": "registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:8baa5bd3ecbbb1708d1270f7f30b707dd381e72b9a4fef554044039d6404771e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-selinuxd-rhel8@sha256%3A8baa5bd3ecbbb1708d1270f7f30b707dd381e72b9a4fef554044039d6404771e?arch=ppc64le\u0026repository_url=registry.redhat.io/compliance\u0026tag=1771365778"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:2b2e1b736ad8d69e15ede3f38de2637c695d0819e66d4c9c9df0aa3ebeee9df9_ppc64le",
"product": {
"name": "registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:2b2e1b736ad8d69e15ede3f38de2637c695d0819e66d4c9c9df0aa3ebeee9df9_ppc64le",
"product_id": "registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:2b2e1b736ad8d69e15ede3f38de2637c695d0819e66d4c9c9df0aa3ebeee9df9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-selinuxd-rhel9@sha256%3A2b2e1b736ad8d69e15ede3f38de2637c695d0819e66d4c9c9df0aa3ebeee9df9?arch=ppc64le\u0026repository_url=registry.redhat.io/compliance\u0026tag=1771365810"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:66c78e05a610eb31b8a350502b778305e53da9576ae124a3eb7ab3cc29595297_ppc64le",
"product": {
"name": "registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:66c78e05a610eb31b8a350502b778305e53da9576ae124a3eb7ab3cc29595297_ppc64le",
"product_id": "registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:66c78e05a610eb31b8a350502b778305e53da9576ae124a3eb7ab3cc29595297_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-security-profiles-rhel8-operator@sha256%3A66c78e05a610eb31b8a350502b778305e53da9576ae124a3eb7ab3cc29595297?arch=ppc64le\u0026repository_url=registry.redhat.io/compliance\u0026tag=1770869850"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-security-profiles-operator-bundle@sha256:4604d631307390e44fea4729d87470a32f294f380b4c7c9448a8e1a82ccec5b7_amd64 as a component of OpenShift Security Profiles Operator 1",
"product_id": "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-operator-bundle@sha256:4604d631307390e44fea4729d87470a32f294f380b4c7c9448a8e1a82ccec5b7_amd64"
},
"product_reference": "registry.redhat.io/compliance/openshift-security-profiles-operator-bundle@sha256:4604d631307390e44fea4729d87470a32f294f380b4c7c9448a8e1a82ccec5b7_amd64",
"relates_to_product_reference": "OpenShift Security Profiles Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:66c78e05a610eb31b8a350502b778305e53da9576ae124a3eb7ab3cc29595297_ppc64le as a component of OpenShift Security Profiles Operator 1",
"product_id": "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:66c78e05a610eb31b8a350502b778305e53da9576ae124a3eb7ab3cc29595297_ppc64le"
},
"product_reference": "registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:66c78e05a610eb31b8a350502b778305e53da9576ae124a3eb7ab3cc29595297_ppc64le",
"relates_to_product_reference": "OpenShift Security Profiles Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:e599c020744224294ed24d028ad1c5f4cca1192d9d487517286a6b7591d80f54_amd64 as a component of OpenShift Security Profiles Operator 1",
"product_id": "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:e599c020744224294ed24d028ad1c5f4cca1192d9d487517286a6b7591d80f54_amd64"
},
"product_reference": "registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:e599c020744224294ed24d028ad1c5f4cca1192d9d487517286a6b7591d80f54_amd64",
"relates_to_product_reference": "OpenShift Security Profiles Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:1484157970f2cc4470dfec565fb5f81137402bdcd52d63cd40be4b0e9c8ce039_amd64 as a component of OpenShift Security Profiles Operator 1",
"product_id": "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:1484157970f2cc4470dfec565fb5f81137402bdcd52d63cd40be4b0e9c8ce039_amd64"
},
"product_reference": "registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:1484157970f2cc4470dfec565fb5f81137402bdcd52d63cd40be4b0e9c8ce039_amd64",
"relates_to_product_reference": "OpenShift Security Profiles Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:659e7bfe28f0dad419b9559be5a3b9f00ed6871ca3425ae5f1abc478ed7072c8_ppc64le as a component of OpenShift Security Profiles Operator 1",
"product_id": "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:659e7bfe28f0dad419b9559be5a3b9f00ed6871ca3425ae5f1abc478ed7072c8_ppc64le"
},
"product_reference": "registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:659e7bfe28f0dad419b9559be5a3b9f00ed6871ca3425ae5f1abc478ed7072c8_ppc64le",
"relates_to_product_reference": "OpenShift Security Profiles Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:7143fa2fba9fb559ef13143cebfa69dbd7cb1f94284a640e5cbdb700e6cf6de0_amd64 as a component of OpenShift Security Profiles Operator 1",
"product_id": "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:7143fa2fba9fb559ef13143cebfa69dbd7cb1f94284a640e5cbdb700e6cf6de0_amd64"
},
"product_reference": "registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:7143fa2fba9fb559ef13143cebfa69dbd7cb1f94284a640e5cbdb700e6cf6de0_amd64",
"relates_to_product_reference": "OpenShift Security Profiles Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:8baa5bd3ecbbb1708d1270f7f30b707dd381e72b9a4fef554044039d6404771e_ppc64le as a component of OpenShift Security Profiles Operator 1",
"product_id": "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:8baa5bd3ecbbb1708d1270f7f30b707dd381e72b9a4fef554044039d6404771e_ppc64le"
},
"product_reference": "registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:8baa5bd3ecbbb1708d1270f7f30b707dd381e72b9a4fef554044039d6404771e_ppc64le",
"relates_to_product_reference": "OpenShift Security Profiles Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:2b2e1b736ad8d69e15ede3f38de2637c695d0819e66d4c9c9df0aa3ebeee9df9_ppc64le as a component of OpenShift Security Profiles Operator 1",
"product_id": "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:2b2e1b736ad8d69e15ede3f38de2637c695d0819e66d4c9c9df0aa3ebeee9df9_ppc64le"
},
"product_reference": "registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:2b2e1b736ad8d69e15ede3f38de2637c695d0819e66d4c9c9df0aa3ebeee9df9_ppc64le",
"relates_to_product_reference": "OpenShift Security Profiles Operator 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:f7795017bcbace2e5e86ab1e7906d60ddd06c1b7fdd4ce7891eade3d993ec7b8_amd64 as a component of OpenShift Security Profiles Operator 1",
"product_id": "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:f7795017bcbace2e5e86ab1e7906d60ddd06c1b7fdd4ce7891eade3d993ec7b8_amd64"
},
"product_reference": "registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:f7795017bcbace2e5e86ab1e7906d60ddd06c1b7fdd4ce7891eade3d993ec7b8_amd64",
"relates_to_product_reference": "OpenShift Security Profiles Operator 1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-66506",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:20.507333+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:1484157970f2cc4470dfec565fb5f81137402bdcd52d63cd40be4b0e9c8ce039_amd64",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:659e7bfe28f0dad419b9559be5a3b9f00ed6871ca3425ae5f1abc478ed7072c8_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:7143fa2fba9fb559ef13143cebfa69dbd7cb1f94284a640e5cbdb700e6cf6de0_amd64",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:8baa5bd3ecbbb1708d1270f7f30b707dd381e72b9a4fef554044039d6404771e_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:2b2e1b736ad8d69e15ede3f38de2637c695d0819e66d4c9c9df0aa3ebeee9df9_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:f7795017bcbace2e5e86ab1e7906d60ddd06c1b7fdd4ce7891eade3d993ec7b8_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419056"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-operator-bundle@sha256:4604d631307390e44fea4729d87470a32f294f380b4c7c9448a8e1a82ccec5b7_amd64",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:66c78e05a610eb31b8a350502b778305e53da9576ae124a3eb7ab3cc29595297_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:e599c020744224294ed24d028ad1c5f4cca1192d9d487517286a6b7591d80f54_amd64"
],
"known_not_affected": [
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:1484157970f2cc4470dfec565fb5f81137402bdcd52d63cd40be4b0e9c8ce039_amd64",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:659e7bfe28f0dad419b9559be5a3b9f00ed6871ca3425ae5f1abc478ed7072c8_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:7143fa2fba9fb559ef13143cebfa69dbd7cb1f94284a640e5cbdb700e6cf6de0_amd64",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:8baa5bd3ecbbb1708d1270f7f30b707dd381e72b9a4fef554044039d6404771e_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:2b2e1b736ad8d69e15ede3f38de2637c695d0819e66d4c9c9df0aa3ebeee9df9_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:f7795017bcbace2e5e86ab1e7906d60ddd06c1b7fdd4ce7891eade3d993ec7b8_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "RHBZ#2419056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419056"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
"url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
}
],
"release_date": "2025-12-04T22:04:41.637000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-17T23:04:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your\nsystem have been applied. For details on how to apply this update, refer to:\n \nhttps://docs.openshift.com/container-platform/latest/updating/updating_a_cluster/updating-cluster-cli.html",
"product_ids": [
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-operator-bundle@sha256:4604d631307390e44fea4729d87470a32f294f380b4c7c9448a8e1a82ccec5b7_amd64",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:66c78e05a610eb31b8a350502b778305e53da9576ae124a3eb7ab3cc29595297_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:e599c020744224294ed24d028ad1c5f4cca1192d9d487517286a6b7591d80f54_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2852"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-operator-bundle@sha256:4604d631307390e44fea4729d87470a32f294f380b4c7c9448a8e1a82ccec5b7_amd64",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:66c78e05a610eb31b8a350502b778305e53da9576ae124a3eb7ab3cc29595297_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:e599c020744224294ed24d028ad1c5f4cca1192d9d487517286a6b7591d80f54_amd64",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:1484157970f2cc4470dfec565fb5f81137402bdcd52d63cd40be4b0e9c8ce039_amd64",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:659e7bfe28f0dad419b9559be5a3b9f00ed6871ca3425ae5f1abc478ed7072c8_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:7143fa2fba9fb559ef13143cebfa69dbd7cb1f94284a640e5cbdb700e6cf6de0_amd64",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:8baa5bd3ecbbb1708d1270f7f30b707dd381e72b9a4fef554044039d6404771e_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:2b2e1b736ad8d69e15ede3f38de2637c695d0819e66d4c9c9df0aa3ebeee9df9_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:f7795017bcbace2e5e86ab1e7906d60ddd06c1b7fdd4ce7891eade3d993ec7b8_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token"
},
{
"cve": "CVE-2025-66564",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:11.786030+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:1484157970f2cc4470dfec565fb5f81137402bdcd52d63cd40be4b0e9c8ce039_amd64",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:659e7bfe28f0dad419b9559be5a3b9f00ed6871ca3425ae5f1abc478ed7072c8_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:7143fa2fba9fb559ef13143cebfa69dbd7cb1f94284a640e5cbdb700e6cf6de0_amd64",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:8baa5bd3ecbbb1708d1270f7f30b707dd381e72b9a4fef554044039d6404771e_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:2b2e1b736ad8d69e15ede3f38de2637c695d0819e66d4c9c9df0aa3ebeee9df9_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:f7795017bcbace2e5e86ab1e7906d60ddd06c1b7fdd4ce7891eade3d993ec7b8_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419054"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Sigstore Timestamp Authority. This vulnerability allows a denial of service via excessive memory allocation when processing a specially crafted Object Identifier or Content-Type header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/timestamp-authority: Sigstore Timestamp Authority: Denial of Service via excessive OID or Content-Type header parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. The Sigstore Timestamp Authority, a service for issuing RFC 3161 timestamps, is prone to excessive memory allocation. This occurs when processing untrusted OID payloads with many period characters or malformed Content-Type headers. An unauthenticated attacker could exploit this flaw to trigger a denial of service in affected Red Hat products that utilize this component.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-operator-bundle@sha256:4604d631307390e44fea4729d87470a32f294f380b4c7c9448a8e1a82ccec5b7_amd64",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:66c78e05a610eb31b8a350502b778305e53da9576ae124a3eb7ab3cc29595297_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:e599c020744224294ed24d028ad1c5f4cca1192d9d487517286a6b7591d80f54_amd64"
],
"known_not_affected": [
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:1484157970f2cc4470dfec565fb5f81137402bdcd52d63cd40be4b0e9c8ce039_amd64",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:659e7bfe28f0dad419b9559be5a3b9f00ed6871ca3425ae5f1abc478ed7072c8_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:7143fa2fba9fb559ef13143cebfa69dbd7cb1f94284a640e5cbdb700e6cf6de0_amd64",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:8baa5bd3ecbbb1708d1270f7f30b707dd381e72b9a4fef554044039d6404771e_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:2b2e1b736ad8d69e15ede3f38de2637c695d0819e66d4c9c9df0aa3ebeee9df9_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:f7795017bcbace2e5e86ab1e7906d60ddd06c1b7fdd4ce7891eade3d993ec7b8_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66564"
},
{
"category": "external",
"summary": "RHBZ#2419054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419054"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66564",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66564"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66564",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66564"
},
{
"category": "external",
"summary": "https://github.com/sigstore/timestamp-authority/commit/0cae34e197d685a14904e0bad135b89d13b69421",
"url": "https://github.com/sigstore/timestamp-authority/commit/0cae34e197d685a14904e0bad135b89d13b69421"
},
{
"category": "external",
"summary": "https://github.com/sigstore/timestamp-authority/security/advisories/GHSA-4qg8-fj49-pxjh",
"url": "https://github.com/sigstore/timestamp-authority/security/advisories/GHSA-4qg8-fj49-pxjh"
}
],
"release_date": "2025-12-04T22:37:13.307000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-17T23:04:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your\nsystem have been applied. For details on how to apply this update, refer to:\n \nhttps://docs.openshift.com/container-platform/latest/updating/updating_a_cluster/updating-cluster-cli.html",
"product_ids": [
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-operator-bundle@sha256:4604d631307390e44fea4729d87470a32f294f380b4c7c9448a8e1a82ccec5b7_amd64",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:66c78e05a610eb31b8a350502b778305e53da9576ae124a3eb7ab3cc29595297_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:e599c020744224294ed24d028ad1c5f4cca1192d9d487517286a6b7591d80f54_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2852"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-operator-bundle@sha256:4604d631307390e44fea4729d87470a32f294f380b4c7c9448a8e1a82ccec5b7_amd64",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:66c78e05a610eb31b8a350502b778305e53da9576ae124a3eb7ab3cc29595297_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:e599c020744224294ed24d028ad1c5f4cca1192d9d487517286a6b7591d80f54_amd64",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:1484157970f2cc4470dfec565fb5f81137402bdcd52d63cd40be4b0e9c8ce039_amd64",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:659e7bfe28f0dad419b9559be5a3b9f00ed6871ca3425ae5f1abc478ed7072c8_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:7143fa2fba9fb559ef13143cebfa69dbd7cb1f94284a640e5cbdb700e6cf6de0_amd64",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:8baa5bd3ecbbb1708d1270f7f30b707dd381e72b9a4fef554044039d6404771e_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:2b2e1b736ad8d69e15ede3f38de2637c695d0819e66d4c9c9df0aa3ebeee9df9_ppc64le",
"OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:f7795017bcbace2e5e86ab1e7906d60ddd06c1b7fdd4ce7891eade3d993ec7b8_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/timestamp-authority: Sigstore Timestamp Authority: Denial of Service via excessive OID or Content-Type header parsing"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…