RHSA-2026:3106
Vulnerability from csaf_redhat - Published: 2026-02-23 17:14 - Updated: 2026-03-12 12:42Summary
Red Hat Security Advisory: Kiali 2.4.13 for Red Hat OpenShift Service Mesh 3.0
Notes
Topic
Kiali 2.4.13 for Red Hat OpenShift Service Mesh 3.0
This update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Kiali 2.4.13, for Red Hat OpenShift Service Mesh 3.0, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently
Security Fix(es):
* kiali-ossmc-rhel9: Axios affected by Denial of Service via __proto__ Key in mergeConfig (CVE-2026-25639)
* kiali-rhel9: Axios affected by Denial of Service via __proto__ Key in mergeConfig (CVE-2026-25639)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Kiali 2.4.13 for Red Hat OpenShift Service Mesh 3.0\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Kiali 2.4.13, for Red Hat OpenShift Service Mesh 3.0, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently\n\nSecurity Fix(es):\n\n* kiali-ossmc-rhel9: Axios affected by Denial of Service via __proto__ Key in mergeConfig (CVE-2026-25639)\n\n* kiali-rhel9: Axios affected by Denial of Service via __proto__ Key in mergeConfig (CVE-2026-25639)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:3106",
"url": "https://access.redhat.com/errata/RHSA-2026:3106"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-25639",
"url": "https://access.redhat.com/security/cve/cve-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3106.json"
}
],
"title": "Red Hat Security Advisory: Kiali 2.4.13 for Red Hat OpenShift Service Mesh 3.0",
"tracking": {
"current_release_date": "2026-03-12T12:42:30+00:00",
"generator": {
"date": "2026-03-12T12:42:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2026:3106",
"initial_release_date": "2026-02-23T17:14:27+00:00",
"revision_history": [
{
"date": "2026-02-23T17:14:27+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-23T17:14:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-12T12:42:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3",
"product": {
"name": "Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.0::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f3cc238553d49a1c5b3764f73eb507dc8d9edf9bea02e7168f78e2e7ac77682f_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f3cc238553d49a1c5b3764f73eb507dc8d9edf9bea02e7168f78e2e7ac77682f_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f3cc238553d49a1c5b3764f73eb507dc8d9edf9bea02e7168f78e2e7ac77682f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3Af3cc238553d49a1c5b3764f73eb507dc8d9edf9bea02e7168f78e2e7ac77682f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771373071"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f342935b5de0a471c12d3396374d2075381ff9aec4d75eabd3c6b26346e501d6_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f342935b5de0a471c12d3396374d2075381ff9aec4d75eabd3c6b26346e501d6_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f342935b5de0a471c12d3396374d2075381ff9aec4d75eabd3c6b26346e501d6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3Af342935b5de0a471c12d3396374d2075381ff9aec4d75eabd3c6b26346e501d6?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771372940"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cb5db65d47da4e5761ae6c7b73b1c1fd889195e7021569ca41a30f91bbba375_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cb5db65d47da4e5761ae6c7b73b1c1fd889195e7021569ca41a30f91bbba375_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cb5db65d47da4e5761ae6c7b73b1c1fd889195e7021569ca41a30f91bbba375_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A6cb5db65d47da4e5761ae6c7b73b1c1fd889195e7021569ca41a30f91bbba375?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771373071"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:38243f02786d10064768d4355d8ba80eb5c0892c912730682c58c6b259629a98_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:38243f02786d10064768d4355d8ba80eb5c0892c912730682c58c6b259629a98_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:38243f02786d10064768d4355d8ba80eb5c0892c912730682c58c6b259629a98_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A38243f02786d10064768d4355d8ba80eb5c0892c912730682c58c6b259629a98?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771372940"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d014dc5331b395c2dbf42011f92b3ebd728b8078d3c16068d658cd42bd6f210d_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d014dc5331b395c2dbf42011f92b3ebd728b8078d3c16068d658cd42bd6f210d_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d014dc5331b395c2dbf42011f92b3ebd728b8078d3c16068d658cd42bd6f210d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3Ad014dc5331b395c2dbf42011f92b3ebd728b8078d3c16068d658cd42bd6f210d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771373071"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e0e03701e6d67c1cc45566e5ce63708ccb054311cb469cded467f2d597b0a3ed_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e0e03701e6d67c1cc45566e5ce63708ccb054311cb469cded467f2d597b0a3ed_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e0e03701e6d67c1cc45566e5ce63708ccb054311cb469cded467f2d597b0a3ed_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3Ae0e03701e6d67c1cc45566e5ce63708ccb054311cb469cded467f2d597b0a3ed?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771372940"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b28e264e46083f9004963e1ccebe25c01d9084d1c8489f3333c0eed2ea64ca35_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b28e264e46083f9004963e1ccebe25c01d9084d1c8489f3333c0eed2ea64ca35_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b28e264e46083f9004963e1ccebe25c01d9084d1c8489f3333c0eed2ea64ca35_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3Ab28e264e46083f9004963e1ccebe25c01d9084d1c8489f3333c0eed2ea64ca35?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771373071"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:04b9efc9b9d4399cddc620cadbc4aa47636e8e90a8af43f8a28205736db82bbe_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:04b9efc9b9d4399cddc620cadbc4aa47636e8e90a8af43f8a28205736db82bbe_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:04b9efc9b9d4399cddc620cadbc4aa47636e8e90a8af43f8a28205736db82bbe_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A04b9efc9b9d4399cddc620cadbc4aa47636e8e90a8af43f8a28205736db82bbe?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771372940"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:04b9efc9b9d4399cddc620cadbc4aa47636e8e90a8af43f8a28205736db82bbe_s390x as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:04b9efc9b9d4399cddc620cadbc4aa47636e8e90a8af43f8a28205736db82bbe_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:04b9efc9b9d4399cddc620cadbc4aa47636e8e90a8af43f8a28205736db82bbe_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:38243f02786d10064768d4355d8ba80eb5c0892c912730682c58c6b259629a98_arm64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:38243f02786d10064768d4355d8ba80eb5c0892c912730682c58c6b259629a98_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:38243f02786d10064768d4355d8ba80eb5c0892c912730682c58c6b259629a98_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e0e03701e6d67c1cc45566e5ce63708ccb054311cb469cded467f2d597b0a3ed_ppc64le as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e0e03701e6d67c1cc45566e5ce63708ccb054311cb469cded467f2d597b0a3ed_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e0e03701e6d67c1cc45566e5ce63708ccb054311cb469cded467f2d597b0a3ed_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f342935b5de0a471c12d3396374d2075381ff9aec4d75eabd3c6b26346e501d6_amd64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f342935b5de0a471c12d3396374d2075381ff9aec4d75eabd3c6b26346e501d6_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f342935b5de0a471c12d3396374d2075381ff9aec4d75eabd3c6b26346e501d6_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cb5db65d47da4e5761ae6c7b73b1c1fd889195e7021569ca41a30f91bbba375_arm64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cb5db65d47da4e5761ae6c7b73b1c1fd889195e7021569ca41a30f91bbba375_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cb5db65d47da4e5761ae6c7b73b1c1fd889195e7021569ca41a30f91bbba375_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b28e264e46083f9004963e1ccebe25c01d9084d1c8489f3333c0eed2ea64ca35_s390x as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b28e264e46083f9004963e1ccebe25c01d9084d1c8489f3333c0eed2ea64ca35_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b28e264e46083f9004963e1ccebe25c01d9084d1c8489f3333c0eed2ea64ca35_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d014dc5331b395c2dbf42011f92b3ebd728b8078d3c16068d658cd42bd6f210d_ppc64le as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d014dc5331b395c2dbf42011f92b3ebd728b8078d3c16068d658cd42bd6f210d_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d014dc5331b395c2dbf42011f92b3ebd728b8078d3c16068d658cd42bd6f210d_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f3cc238553d49a1c5b3764f73eb507dc8d9edf9bea02e7168f78e2e7ac77682f_amd64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f3cc238553d49a1c5b3764f73eb507dc8d9edf9bea02e7168f78e2e7ac77682f_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f3cc238553d49a1c5b3764f73eb507dc8d9edf9bea02e7168f78e2e7ac77682f_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:04b9efc9b9d4399cddc620cadbc4aa47636e8e90a8af43f8a28205736db82bbe_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:38243f02786d10064768d4355d8ba80eb5c0892c912730682c58c6b259629a98_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e0e03701e6d67c1cc45566e5ce63708ccb054311cb469cded467f2d597b0a3ed_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f342935b5de0a471c12d3396374d2075381ff9aec4d75eabd3c6b26346e501d6_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cb5db65d47da4e5761ae6c7b73b1c1fd889195e7021569ca41a30f91bbba375_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b28e264e46083f9004963e1ccebe25c01d9084d1c8489f3333c0eed2ea64ca35_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d014dc5331b395c2dbf42011f92b3ebd728b8078d3c16068d658cd42bd6f210d_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f3cc238553d49a1c5b3764f73eb507dc8d9edf9bea02e7168f78e2e7ac77682f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-23T17:14:27+00:00",
"details": "See Kiali 2.4.13 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:04b9efc9b9d4399cddc620cadbc4aa47636e8e90a8af43f8a28205736db82bbe_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:38243f02786d10064768d4355d8ba80eb5c0892c912730682c58c6b259629a98_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e0e03701e6d67c1cc45566e5ce63708ccb054311cb469cded467f2d597b0a3ed_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f342935b5de0a471c12d3396374d2075381ff9aec4d75eabd3c6b26346e501d6_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cb5db65d47da4e5761ae6c7b73b1c1fd889195e7021569ca41a30f91bbba375_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b28e264e46083f9004963e1ccebe25c01d9084d1c8489f3333c0eed2ea64ca35_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d014dc5331b395c2dbf42011f92b3ebd728b8078d3c16068d658cd42bd6f210d_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f3cc238553d49a1c5b3764f73eb507dc8d9edf9bea02e7168f78e2e7ac77682f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3106"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:04b9efc9b9d4399cddc620cadbc4aa47636e8e90a8af43f8a28205736db82bbe_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:38243f02786d10064768d4355d8ba80eb5c0892c912730682c58c6b259629a98_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e0e03701e6d67c1cc45566e5ce63708ccb054311cb469cded467f2d597b0a3ed_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f342935b5de0a471c12d3396374d2075381ff9aec4d75eabd3c6b26346e501d6_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cb5db65d47da4e5761ae6c7b73b1c1fd889195e7021569ca41a30f91bbba375_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b28e264e46083f9004963e1ccebe25c01d9084d1c8489f3333c0eed2ea64ca35_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d014dc5331b395c2dbf42011f92b3ebd728b8078d3c16068d658cd42bd6f210d_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f3cc238553d49a1c5b3764f73eb507dc8d9edf9bea02e7168f78e2e7ac77682f_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:04b9efc9b9d4399cddc620cadbc4aa47636e8e90a8af43f8a28205736db82bbe_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:38243f02786d10064768d4355d8ba80eb5c0892c912730682c58c6b259629a98_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e0e03701e6d67c1cc45566e5ce63708ccb054311cb469cded467f2d597b0a3ed_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f342935b5de0a471c12d3396374d2075381ff9aec4d75eabd3c6b26346e501d6_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cb5db65d47da4e5761ae6c7b73b1c1fd889195e7021569ca41a30f91bbba375_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b28e264e46083f9004963e1ccebe25c01d9084d1c8489f3333c0eed2ea64ca35_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d014dc5331b395c2dbf42011f92b3ebd728b8078d3c16068d658cd42bd6f210d_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f3cc238553d49a1c5b3764f73eb507dc8d9edf9bea02e7168f78e2e7ac77682f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…