RHSA-2026:4942
Vulnerability from csaf_redhat - Published: 2026-03-18 16:21 - Updated: 2026-03-18 17:44Summary
Red Hat Security Advisory: Red Hat Quay 3.12.15
Notes
Topic
Red Hat Quay 3.12.15 is now available with bug fixes.
Details
Quay 3.12.15
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.12.15 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.12.15",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:4942",
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24049",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25990",
"url": "https://access.redhat.com/security/cve/CVE-2026-25990"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26996",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27628",
"url": "https://access.redhat.com/security/cve/CVE-2026-27628"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27904",
"url": "https://access.redhat.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27962",
"url": "https://access.redhat.com/security/cve/CVE-2026-27962"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-28802",
"url": "https://access.redhat.com/security/cve/CVE-2026-28802"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_4942.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.12.15",
"tracking": {
"current_release_date": "2026-03-18T17:44:51+00:00",
"generator": {
"date": "2026-03-18T17:44:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2026:4942",
"initial_release_date": "2026-03-18T16:21:15+00:00",
"revision_history": [
{
"date": "2026-03-18T16:21:15+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-18T16:21:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T17:44:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.12",
"product": {
"name": "Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.12::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773766026"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Aa5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765467"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3A5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765999"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765477"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Ac3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772132933"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772054202"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772054192"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3Af4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773775889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773761676"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773771962"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765467"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Af15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765477"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772054202"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772054192"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Add1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773761676"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773771962"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765467"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765477"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1772054202"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Ad547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1772054192"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773761676"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773771962"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765467"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765477"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1772054202"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1772054192"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773761676"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Ae39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773771962"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: Unexpected session resumption in crypto/tls",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: Unexpected session resumption in crypto/tls"
},
{
"cve": "CVE-2026-24049",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-01-22T05:00:54.709179+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431959"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "RHBZ#2431959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24049",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef",
"url": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/releases/tag/0.46.2",
"url": "https://github.com/pypa/wheel/releases/tag/0.46.2"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx",
"url": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx"
}
],
"release_date": "2026-01-22T04:02:08.706000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking"
},
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
},
{
"cve": "CVE-2026-25990",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-02-11T21:05:39.535631+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439170"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25990"
},
{
"category": "external",
"summary": "RHBZ#2439170",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439170"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25990"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa",
"url": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc"
}
],
"release_date": "2026-02-11T20:53:52.524000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image"
},
{
"cve": "CVE-2026-26996",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-20T04:01:11.896063+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441268"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: minimatch: Denial of Service via specially crafted glob patterns",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "RHBZ#2441268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5",
"url": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26"
}
],
"release_date": "2026-02-20T03:05:21.105000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns"
},
{
"cve": "CVE-2026-27628",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2026-02-25T04:02:09.864561+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442543"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pypdf. Processing a specially crafted PDF document, specifically with circular /Prev references in the cross-reference (xref) chain, can cause an infinite loop and a high consumption of CPU, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pypdf: possible infinite loop when loading circular /Prev entries in cross-reference streams",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to supply a crafted PDF file to be processed by an application using the pypdf library. This issue can cause the application to enter an infinite loop and consume a high amount of CPU resources, eventually resulting in a denial of service with no other security impact. Due to these reasons, this vulnerability has been rated with a moderate impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27628"
},
{
"category": "external",
"summary": "RHBZ#2442543",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442543"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27628",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27628"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27628",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27628"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/commit/0fbd95938724ad2d72688d4112207c0590f0483f",
"url": "https://github.com/py-pdf/pypdf/commit/0fbd95938724ad2d72688d4112207c0590f0483f"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/issues/3654",
"url": "https://github.com/py-pdf/pypdf/issues/3654"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35",
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35"
}
],
"release_date": "2026-02-25T02:45:37.543000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "pypdf: possible infinite loop when loading circular /Prev entries in cross-reference streams"
},
{
"cve": "CVE-2026-27904",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-26T02:01:23.004531+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442922"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "RHBZ#2442922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442922"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74"
}
],
"release_date": "2026-02-26T01:07:42.693000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions"
},
{
"cve": "CVE-2026-27962",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-16T18:02:07.041902+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448164"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Authlib, a Python library used for creating secure authentication and authorization systems. This vulnerability, known as JWK (JSON Web Key) Header Injection, affects how Authlib verifies digital signatures in JWS (JSON Web Signature) tokens. An attacker can exploit this by creating a specially crafted token that includes their own cryptographic key in the header. When the system attempts to verify this token without a predefined key, it mistakenly uses the attacker\u0027s key, allowing them to bypass authentication and gain unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib: Authentication bypass due to JWK Header Injection vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This critical vulnerability in Authlib\u0027s JWS implementation allows unauthenticated attackers to forge JWTs by embedding their own cryptographic key in the token header. Impact is high to confidentiality and integrity as attackers can bypass authentication.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27962"
},
{
"category": "external",
"summary": "RHBZ#2448164",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448164"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27962",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27962"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27962",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27962"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/a5d4b2d4c9e46bfa11c82f85fdc2bcc0b50ae681",
"url": "https://github.com/authlib/authlib/commit/a5d4b2d4c9e46bfa11c82f85fdc2bcc0b50ae681"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/releases/tag/v1.6.9",
"url": "https://github.com/authlib/authlib/releases/tag/v1.6.9"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-wvwj-cvrp-7pv5",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-wvwj-cvrp-7pv5"
}
],
"release_date": "2026-03-16T17:34:38.946000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "authlib: Authlib: Authentication bypass due to JWK Header Injection vulnerability"
},
{
"cve": "CVE-2026-28802",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-06T07:01:49.366979+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445120"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. A remote attacker can exploit this vulnerability by crafting a malicious JSON Web Token (JWT) with a \"none\" algorithm and an empty signature. This bypasses the expected signature verification, potentially allowing the attacker to forge tokens and gain unauthorized access or perform unauthorized actions within applications using Authlib.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib: Signature verification bypass via malicious JWT allows unauthorized access",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28802"
},
{
"category": "external",
"summary": "RHBZ#2445120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445120"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28802",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28802"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28802",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28802"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75",
"url": "https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7",
"url": "https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg"
}
],
"release_date": "2026-03-06T06:44:26.402000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "authlib: Authlib: Signature verification bypass via malicious JWT allows unauthorized access"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…