RHSA-2026:36808
Vulnerability from csaf_redhat - Published: 2026-07-08 16:06 - Updated: 2026-07-09 09:16A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64 | — |
Workaround
|
A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64 | — |
Workaround
|
A flaw was found in golang.org/x/crypto/ssh. A remote attacker could exploit this vulnerability when an SSH server authentication callback returned a PartialSuccessError with non-nil permissions. This flaw caused these permissions to be silently discarded, potentially bypassing certificate restrictions, such as a force-command, after a second authentication factor succeeded. This could lead to unauthorized command execution or access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64 | — |
Workaround
|
A flaw was found in golang.org/x/crypto/ssh. The RSA and DSA public key parsers in the affected component did not enforce size limits on key parameters. This vulnerability allows an unauthenticated client to provide a crafted public key with an excessively large modulus or DSA parameter during public key authentication. Successful exploitation could lead to a denial of service (DoS) due to prolonged CPU consumption during signature verification.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64 | — |
Workaround
|
A flaw was found in golang.org/x/crypto/ssh. A remote malicious SSH peer can exploit this by sending unsolicited global request responses, which fills an internal buffer and blocks the connection's read loop. This prevents the associated resources from being released, leading to a resource leak per connection. The consequence is a Denial of Service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64 | — |
Workaround
|
A flaw was found in golang.org/x/crypto/ssh/knownhosts. This vulnerability occurs because the system did not correctly check for the revocation status of a SignatureKey belonging to a Certificate Authority (CA). A remote attacker could potentially exploit this by presenting a revoked key, leading to the system accepting it as valid. This could allow an attacker to bypass security checks and potentially gain unauthorized access or spoof legitimate entities.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64 | — | ||
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64 | — | ||
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x | — | ||
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le | — | ||
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64 | — | ||
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x | — | ||
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64 | — | ||
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le | — | ||
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64 | — |
A flaw was found in golang.org/x/crypto/ssh. Source-address validation can be skipped when an SSH server configuration uses an authentication callback type other than public key, allowing authorization bypass in misconfigured servers. This is a follow-on to incomplete coverage from the CVE-2024-45337 fix.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "DevWorkspace Operator 0.42.0 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "The DevWorkspace Operator extends OpenShift to provide DevWorkspace support.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:36808",
"url": "https://access.redhat.com/errata/RHSA-2026:36808"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32281",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39821",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39828",
"url": "https://access.redhat.com/security/cve/CVE-2026-39828"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39829",
"url": "https://access.redhat.com/security/cve/CVE-2026-39829"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39830",
"url": "https://access.redhat.com/security/cve/CVE-2026-39830"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42508",
"url": "https://access.redhat.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-46595",
"url": "https://access.redhat.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/CRW-11515",
"url": "https://redhat.atlassian.net/browse/CRW-11515"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_36808.json"
}
],
"title": "Red Hat Security Advisory: DevWorkspace Operator 0.42.0 release.",
"tracking": {
"current_release_date": "2026-07-09T09:16:55+00:00",
"generator": {
"date": "2026-07-09T09:16:55+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:36808",
"initial_release_date": "2026-07-08T16:06:37+00:00",
"revision_history": [
{
"date": "2026-07-08T16:06:37+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-08T16:06:46+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-09T09:16:55+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "DevWorkspace Operator 0.42",
"product": {
"name": "DevWorkspace Operator 0.42",
"product_id": "DevWorkspace Operator 0.42",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:devworkspace:0.42::el9"
}
}
}
],
"category": "product_family",
"name": "DevWorkspace Operator"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"product_id": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-rhel9-operator@sha256%3A273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27?arch=amd64\u0026repository_url=registry.redhat.io/devworkspace/devworkspace-rhel9-operator\u0026tag=1782401674"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"product_id": "registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-operator-bundle@sha256%3A2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b?arch=amd64\u0026repository_url=registry.redhat.io/devworkspace/devworkspace-operator-bundle\u0026tag=1782405692"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"product_id": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-project-backup-rhel9@sha256%3Af1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e?arch=amd64\u0026repository_url=registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9\u0026tag=1782401412"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"product_id": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-project-clone-rhel9@sha256%3A0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2?arch=amd64\u0026repository_url=registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9\u0026tag=1782400868"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"product_id": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-rhel9-operator@sha256%3A2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44?arch=s390x\u0026repository_url=registry.redhat.io/devworkspace/devworkspace-rhel9-operator\u0026tag=1782401674"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"product_id": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-project-backup-rhel9@sha256%3A509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf?arch=s390x\u0026repository_url=registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9\u0026tag=1782401412"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"product_id": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-project-clone-rhel9@sha256%3A00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5?arch=s390x\u0026repository_url=registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9\u0026tag=1782400868"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le",
"product_id": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-rhel9-operator@sha256%3Ab74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40?arch=ppc64le\u0026repository_url=registry.redhat.io/devworkspace/devworkspace-rhel9-operator\u0026tag=1782401674"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"product_id": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-project-backup-rhel9@sha256%3A77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44?arch=ppc64le\u0026repository_url=registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9\u0026tag=1782401412"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"product_id": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-project-clone-rhel9@sha256%3A3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e?arch=ppc64le\u0026repository_url=registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9\u0026tag=1782400868"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"product_id": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-rhel9-operator@sha256%3A71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946?arch=arm64\u0026repository_url=registry.redhat.io/devworkspace/devworkspace-rhel9-operator\u0026tag=1782401674"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"product_id": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-project-backup-rhel9@sha256%3A2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3?arch=arm64\u0026repository_url=registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9\u0026tag=1782401412"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"product_id": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-project-clone-rhel9@sha256%3A70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130?arch=arm64\u0026repository_url=registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9\u0026tag=1782400868"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64 as a component of DevWorkspace Operator 0.42",
"product_id": "DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"relates_to_product_reference": "DevWorkspace Operator 0.42"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64 as a component of DevWorkspace Operator 0.42",
"product_id": "DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"relates_to_product_reference": "DevWorkspace Operator 0.42"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x as a component of DevWorkspace Operator 0.42",
"product_id": "DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"relates_to_product_reference": "DevWorkspace Operator 0.42"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le as a component of DevWorkspace Operator 0.42",
"product_id": "DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"relates_to_product_reference": "DevWorkspace Operator 0.42"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64 as a component of DevWorkspace Operator 0.42",
"product_id": "DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"relates_to_product_reference": "DevWorkspace Operator 0.42"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x as a component of DevWorkspace Operator 0.42",
"product_id": "DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"relates_to_product_reference": "DevWorkspace Operator 0.42"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64 as a component of DevWorkspace Operator 0.42",
"product_id": "DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"relates_to_product_reference": "DevWorkspace Operator 0.42"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le as a component of DevWorkspace Operator 0.42",
"product_id": "DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"relates_to_product_reference": "DevWorkspace Operator 0.42"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64 as a component of DevWorkspace Operator 0.42",
"product_id": "DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"relates_to_product_reference": "DevWorkspace Operator 0.42"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64 as a component of DevWorkspace Operator 0.42",
"product_id": "DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"relates_to_product_reference": "DevWorkspace Operator 0.42"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x as a component of DevWorkspace Operator 0.42",
"product_id": "DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"relates_to_product_reference": "DevWorkspace Operator 0.42"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64 as a component of DevWorkspace Operator 0.42",
"product_id": "DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"relates_to_product_reference": "DevWorkspace Operator 0.42"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le as a component of DevWorkspace Operator 0.42",
"product_id": "DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le",
"relates_to_product_reference": "DevWorkspace Operator 0.42"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
],
"known_not_affected": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T16:06:37+00:00",
"details": "To start using the DevWorkspace Operator, install the DevWorkspace Operator from OpenShift OperatorHub on OpenShift Container Platform 4.16 or higher.",
"product_ids": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36808"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"cve": "CVE-2026-39821",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-05-22T16:00:52.844126+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480756"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "golang.org/x/net/idna is vulnerable to privilege escalation through incorrect Punycode label handling in ToASCII and ToUnicode. An attacker who can supply a Punycode hostname that passes an ASCII-only authorization check may have it normalized to a restricted ASCII name the application intended to block. Red Hat exposure is broad across products shipping the Go toolchain or bundling golang.org/x/net, including RHEL and RHEL-AI golang RPMs, hummingbird Go runtimes, OpenShift and ODF container builds, and Ceph/OpenShift components compiled against affected x/net versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
],
"known_not_affected": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "RHBZ#2480756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480756"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39821",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39821"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://go.dev/cl/767220",
"url": "https://go.dev/cl/767220"
},
{
"category": "external",
"summary": "https://go.dev/issue/78760",
"url": "https://go.dev/issue/78760"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8",
"url": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5026",
"url": "https://pkg.go.dev/vuln/GO-2026-5026"
}
],
"release_date": "2026-05-22T15:01:21.462000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T16:06:37+00:00",
"details": "To start using the DevWorkspace Operator, install the DevWorkspace Operator from OpenShift OperatorHub on OpenShift Container Platform 4.16 or higher.",
"product_ids": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36808"
},
{
"category": "workaround",
"details": "Upgrade to a fixed golang.org/x/net release that includes the idna correction, via updated golang or dependent package rebuilds.",
"product_ids": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing"
},
{
"cve": "CVE-2026-39828",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"discovery_date": "2026-05-22T04:01:46.775641+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480687"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. A remote attacker could exploit this vulnerability when an SSH server authentication callback returned a PartialSuccessError with non-nil permissions. This flaw caused these permissions to be silently discarded, potentially bypassing certificate restrictions, such as a force-command, after a second authentication factor succeeded. This could lead to unauthorized command execution or access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important security flaw in the `golang.org/x/crypto/ssh` library. When an SSH server utilizing this library is configured with specific authentication callbacks that return a `PartialSuccessError` with non-nil permissions, an attacker could bypass intended certificate restrictions, such as `force-command`. This bypass could lead to unauthorized command execution or access on affected Red Hat systems configured with multi-factor authentication and certificate-based access controls.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
],
"known_not_affected": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39828"
},
{
"category": "external",
"summary": "RHBZ#2480687",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480687"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39828",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39828"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39828",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39828"
},
{
"category": "external",
"summary": "https://go.dev/cl/781621",
"url": "https://go.dev/cl/781621"
},
{
"category": "external",
"summary": "https://go.dev/issue/79562",
"url": "https://go.dev/issue/79562"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5014",
"url": "https://pkg.go.dev/vuln/GO-2026-5014"
}
],
"release_date": "2026-05-22T02:31:26.883000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T16:06:37+00:00",
"details": "To start using the DevWorkspace Operator, install the DevWorkspace Operator from OpenShift OperatorHub on OpenShift Container Platform 4.16 or higher.",
"product_ids": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36808"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions"
},
{
"cve": "CVE-2026-39829",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"discovery_date": "2026-05-22T04:01:30.092249+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480681"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. The RSA and DSA public key parsers in the affected component did not enforce size limits on key parameters. This vulnerability allows an unauthenticated client to provide a crafted public key with an excessively large modulus or DSA parameter during public key authentication. Successful exploitation could lead to a denial of service (DoS) due to prolonged CPU consumption during signature verification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in golang.org/x/crypto/ssh is rated as Important. An unauthenticated remote attacker could trigger a denial of service by providing a specially crafted public key with excessively large parameters during SSH public key authentication. This could lead to prolonged CPU consumption on the server, impacting service availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
],
"known_not_affected": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39829"
},
{
"category": "external",
"summary": "RHBZ#2480681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480681"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39829",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39829"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39829",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39829"
},
{
"category": "external",
"summary": "https://go.dev/cl/781641",
"url": "https://go.dev/cl/781641"
},
{
"category": "external",
"summary": "https://go.dev/cl/781661",
"url": "https://go.dev/cl/781661"
},
{
"category": "external",
"summary": "https://go.dev/issue/79565",
"url": "https://go.dev/issue/79565"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5018",
"url": "https://pkg.go.dev/vuln/GO-2026-5018"
}
],
"release_date": "2026-05-22T02:31:27.324000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T16:06:37+00:00",
"details": "To start using the DevWorkspace Operator, install the DevWorkspace Operator from OpenShift OperatorHub on OpenShift Container Platform 4.16 or higher.",
"product_ids": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36808"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters"
},
{
"cve": "CVE-2026-39830",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"discovery_date": "2026-05-22T04:01:38.517202+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480684"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. A remote malicious SSH peer can exploit this by sending unsolicited global request responses, which fills an internal buffer and blocks the connection\u0027s read loop. This prevents the associated resources from being released, leading to a resource leak per connection. The consequence is a Denial of Service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service flaw in `golang.org/x/crypto/ssh`. A remote, unauthenticated attacker can exploit this vulnerability by sending unsolicited global request responses to an affected SSH server, leading to resource exhaustion and a denial of service. The impact is considered Important due to the potential for unauthenticated remote disruption of services utilizing the vulnerable SSH library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
],
"known_not_affected": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39830"
},
{
"category": "external",
"summary": "RHBZ#2480684",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480684"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39830",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39830"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39830",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39830"
},
{
"category": "external",
"summary": "https://go.dev/cl/781640",
"url": "https://go.dev/cl/781640"
},
{
"category": "external",
"summary": "https://go.dev/cl/781664",
"url": "https://go.dev/cl/781664"
},
{
"category": "external",
"summary": "https://go.dev/issue/79564",
"url": "https://go.dev/issue/79564"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5017",
"url": "https://pkg.go.dev/vuln/GO-2026-5017"
}
],
"release_date": "2026-05-22T02:31:27.208000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T16:06:37+00:00",
"details": "To start using the DevWorkspace Operator, install the DevWorkspace Operator from OpenShift OperatorHub on OpenShift Container Platform 4.16 or higher.",
"product_ids": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36808"
},
{
"category": "workaround",
"details": "To mitigate this denial of service vulnerability, restrict network access to any service that utilizes the `golang.org/x/crypto/ssh` library and is exposed to untrusted networks. Implement firewall rules to allow connections only from trusted hosts or networks. This action limits the ability of malicious peers to send unsolicited global request responses. A restart of the affected service may be necessary for the new network rules to be applied effectively.",
"product_ids": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses"
},
{
"cve": "CVE-2026-42508",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-05-22T04:01:49.515058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480688"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh/knownhosts. This vulnerability occurs because the system did not correctly check for the revocation status of a SignatureKey belonging to a Certificate Authority (CA). A remote attacker could potentially exploit this by presenting a revoked key, leading to the system accepting it as valid. This could allow an attacker to bypass security checks and potentially gain unauthorized access or spoof legitimate entities.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A flaw in `golang.org/x/crypto/ssh/knownhosts` allows a remote attacker to bypass security checks. This vulnerability arises because the system fails to properly verify the revocation status of a Certificate Authority (CA) `SignatureKey`. In Red Hat environments, this could enable an attacker to present a revoked key, leading to its acceptance as valid and potentially granting unauthorized access or facilitating the spoofing of legitimate entities.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
],
"known_not_affected": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "RHBZ#2480688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480688"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42508",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42508"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42508",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42508"
},
{
"category": "external",
"summary": "https://go.dev/cl/781220",
"url": "https://go.dev/cl/781220"
},
{
"category": "external",
"summary": "https://go.dev/issue/79568",
"url": "https://go.dev/issue/79568"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5021",
"url": "https://pkg.go.dev/vuln/GO-2026-5021"
}
],
"release_date": "2026-05-22T02:31:27.644000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T16:06:37+00:00",
"details": "To start using the DevWorkspace Operator, install the DevWorkspace Operator from OpenShift OperatorHub on OpenShift Container Platform 4.16 or higher.",
"product_ids": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36808"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey"
},
{
"cve": "CVE-2026-46595",
"cwe": {
"id": "CWE-303",
"name": "Incorrect Implementation of Authentication Algorithm"
},
"discovery_date": "2026-05-22T04:01:52.215134+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480689"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. Source-address validation can be skipped when an SSH server configuration uses an authentication callback type other than public key, allowing authorization bypass in misconfigured servers. This is a follow-on to incomplete coverage from the CVE-2024-45337 fix.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "golang.org/x/crypto/ssh is vulnerable to authorization bypass when SSH server configurations rely on source-address validation alongside non-public-key authentication callbacks. An attacker with low privileges who can authenticate through such a callback path may bypass intended source-address restrictions and gain unauthorized SSH access. Red Hat impact sits in services built with affected x/crypto/ssh, including RHEL golang streams, hummingbird Go toolchains, RHACM/MCE agents, and OpenShift or Ceph components that embed Go SSH servers with mixed callback types.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
],
"known_not_affected": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "RHBZ#2480689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-46595",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46595"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-46595",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46595"
},
{
"category": "external",
"summary": "https://go.dev/cl/781642",
"url": "https://go.dev/cl/781642"
},
{
"category": "external",
"summary": "https://go.dev/issue/79570",
"url": "https://go.dev/issue/79570"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5023",
"url": "https://pkg.go.dev/vuln/GO-2026-5023"
}
],
"release_date": "2026-05-22T02:31:27.894000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T16:06:37+00:00",
"details": "To start using the DevWorkspace Operator, install the DevWorkspace Operator from OpenShift OperatorHub on OpenShift Container Platform 4.16 or higher.",
"product_ids": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36808"
},
{
"category": "workaround",
"details": "Upgrade to a fixed golang.org/x/crypto/ssh release via updated golang or package rebuilds. Ensure SSH servers use supported public-key callback configurations with source-address validation as intended.",
"product_ids": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:2a263321d0db82af2c030c7035349d3b42378fb3b03c3e58c0553ce68217581b_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:2a99aac71cd2c5ac53e26817eb8e1df65e417ebbc0fce30b05905f022df9dda3_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:509841df7c98e3d55c85e44dce9d1b235ab9ad80fa0ec82fdfc9a3562e4effbf_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:77e0a72e35af25a60b202082ada3e61d80d0be7e24ea3b0c374541c93d25da44_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:f1d6822065c055040bf9017047ea4afd874c33ccbfa3c4e5854655419f58dd8e_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:00c7568ee3e388839b7777dab379ac6ecf3c5bc7bdeec2562417f88f862b80b5_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:0ba88226a4c28d5caab277cbddac90e8782bd9b77a87c2253b5933730fda57f2_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:3d0cf855d29d897af3f55066f0882b844402d43c29ede0401336e00d8e09806e_ppc64le",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:70d9351eb4156abab69dd5001020cf9a90731d25a2677069c85788c6f41d2130_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:273e029b1618235c7c4ea103d09da99dac8d2803c9be4b5754f1f251563fce27_amd64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:2f577d0458bb4af7eb00dc937cac08023c2de0fca74e31fc2c2725cc4cc26a44_s390x",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:71f0ecbb31045e41063e781e2cf03737e8878c49b27366103ff15b7a95e8e946_arm64",
"DevWorkspace Operator 0.42:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:b74935a50eddbd0bfa65b9cd7546c73fadc9267f867adcdaa0cbf8c32b6b4e40_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.