RHSA-2026:5447
Vulnerability from csaf_redhat - Published: 2026-03-23 16:03 - Updated: 2026-03-24 04:42Summary
Red Hat Security Advisory: RHTAS 1.3.3 - Red Hat Trusted Artifact Signer Release
Severity
Important
Notes
Topic: The 1.3.3 release of Red Hat Trusted Artifact Signer OpenShift Operator.
For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3
Details: The RHTAS Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.19, 4.20 and 4.21
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
7.5 (High)
Vendor Fix
Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev
Platform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization's software supply chain.
For details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3
You can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index
https://access.redhat.com/errata/RHSA-2026:5447
Workaround
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
7.5 (High)
Vendor Fix
Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev
Platform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization's software supply chain.
For details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3
You can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index
https://access.redhat.com/errata/RHSA-2026:5447
Workaround
To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.
A flaw was found in node-tar, a Node.js module for handling TAR archives. This vulnerability allows a remote attacker to bypass path traversal protections by crafting a malicious TAR archive. The security check for hardlink entries uses different path resolution logic than the actual hardlink creation, enabling the attacker to create hardlinks to arbitrary files outside the intended extraction directory. This could lead to unauthorized information disclosure or further system compromise.
8.2 (High)
Vendor Fix
Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev
Platform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization's software supply chain.
For details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3
You can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index
https://access.redhat.com/errata/RHSA-2026:5447
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A flaw was found in node-tar. An attacker can craft a malicious archive that, when extracted with default options, creates a hardlink outside the intended extraction directory. This vulnerability allows the attacker to perform arbitrary file read and write operations as the user extracting the archive, bypassing existing path protections. This can lead to unauthorized access and modification of sensitive system files.
7.1 (High)
Vendor Fix
Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev
Platform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization's software supply chain.
For details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3
You can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index
https://access.redhat.com/errata/RHSA-2026:5447
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
References
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The 1.3.3 release of Red Hat Trusted Artifact Signer OpenShift Operator.\nFor more details please visit the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3",
"title": "Topic"
},
{
"category": "general",
"text": "The RHTAS Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.19, 4.20 and 4.21",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5447",
"url": "https://access.redhat.com/errata/RHSA-2026:5447"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3",
"url": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24842",
"url": "https://access.redhat.com/security/cve/CVE-2026-24842"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26960",
"url": "https://access.redhat.com/security/cve/CVE-2026-26960"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5447.json"
}
],
"title": "Red Hat Security Advisory: RHTAS 1.3.3 - Red Hat Trusted Artifact Signer Release",
"tracking": {
"current_release_date": "2026-03-24T04:42:35+00:00",
"generator": {
"date": "2026-03-24T04:42:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2026:5447",
"initial_release_date": "2026-03-23T16:03:55+00:00",
"revision_history": [
{
"date": "2026-03-23T16:03:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-23T16:04:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-24T04:42:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Trusted Artifact Signer 1.3",
"product": {
"name": "Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:trusted_artifact_signer:1.3::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Trusted Artifact Signer"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:8d201eb6b1399f0373fb8456683bb2976dc6644745b7f285af3eb83ca3a0d0a7_amd64",
"product": {
"name": "registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:8d201eb6b1399f0373fb8456683bb2976dc6644745b7f285af3eb83ca3a0d0a7_amd64",
"product_id": "registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:8d201eb6b1399f0373fb8456683bb2976dc6644745b7f285af3eb83ca3a0d0a7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rekor-backfill-redis-rhel9@sha256%3A8d201eb6b1399f0373fb8456683bb2976dc6644745b7f285af3eb83ca3a0d0a7?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1773307592"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:61aeb8693f27b60dd35e3dd1961d14bd95988cae70d649b340045619e5de7acf_amd64",
"product": {
"name": "registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:61aeb8693f27b60dd35e3dd1961d14bd95988cae70d649b340045619e5de7acf_amd64",
"product_id": "registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:61aeb8693f27b60dd35e3dd1961d14bd95988cae70d649b340045619e5de7acf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/certificate-transparency-rhel9@sha256%3A61aeb8693f27b60dd35e3dd1961d14bd95988cae70d649b340045619e5de7acf?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1773308392"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/trillian-database-rhel9@sha256:6ca4eb17da6277b142a3353b675d735c106868f827243eaef70cd1ec01d36307_amd64",
"product": {
"name": "registry.redhat.io/rhtas/trillian-database-rhel9@sha256:6ca4eb17da6277b142a3353b675d735c106868f827243eaef70cd1ec01d36307_amd64",
"product_id": "registry.redhat.io/rhtas/trillian-database-rhel9@sha256:6ca4eb17da6277b142a3353b675d735c106868f827243eaef70cd1ec01d36307_amd64",
"product_identification_helper": {
"purl": "pkg:oci/trillian-database-rhel9@sha256%3A6ca4eb17da6277b142a3353b675d735c106868f827243eaef70cd1ec01d36307?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1773307620"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/fulcio-rhel9@sha256:d71caff0f67fe8d9665d39193d955fc9352224f647406a40e56428dd6cd24953_amd64",
"product": {
"name": "registry.redhat.io/rhtas/fulcio-rhel9@sha256:d71caff0f67fe8d9665d39193d955fc9352224f647406a40e56428dd6cd24953_amd64",
"product_id": "registry.redhat.io/rhtas/fulcio-rhel9@sha256:d71caff0f67fe8d9665d39193d955fc9352224f647406a40e56428dd6cd24953_amd64",
"product_identification_helper": {
"purl": "pkg:oci/fulcio-rhel9@sha256%3Ad71caff0f67fe8d9665d39193d955fc9352224f647406a40e56428dd6cd24953?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1773307677"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:f02c58838bf882d9b5d82a1a96e8ab29ce6033ae1b64418118fba43eb9151b41_amd64",
"product": {
"name": "registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:f02c58838bf882d9b5d82a1a96e8ab29ce6033ae1b64418118fba43eb9151b41_amd64",
"product_id": "registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:f02c58838bf882d9b5d82a1a96e8ab29ce6033ae1b64418118fba43eb9151b41_amd64",
"product_identification_helper": {
"purl": "pkg:oci/trillian-logserver-rhel9@sha256%3Af02c58838bf882d9b5d82a1a96e8ab29ce6033ae1b64418118fba43eb9151b41?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1773231678"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:8ef614441b76914f5727f5bec23a9d8dc2785ca7fd6a2516f393529b7801da53_amd64",
"product": {
"name": "registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:8ef614441b76914f5727f5bec23a9d8dc2785ca7fd6a2516f393529b7801da53_amd64",
"product_id": "registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:8ef614441b76914f5727f5bec23a9d8dc2785ca7fd6a2516f393529b7801da53_amd64",
"product_identification_helper": {
"purl": "pkg:oci/trillian-logsigner-rhel9@sha256%3A8ef614441b76914f5727f5bec23a9d8dc2785ca7fd6a2516f393529b7801da53?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1773231678"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:cc686a64f9ae83adecc7a0ffe8a6b82f0750dc39ad05654a8087cf780a1c3b3a_amd64",
"product": {
"name": "registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:cc686a64f9ae83adecc7a0ffe8a6b82f0750dc39ad05654a8087cf780a1c3b3a_amd64",
"product_id": "registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:cc686a64f9ae83adecc7a0ffe8a6b82f0750dc39ad05654a8087cf780a1c3b3a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/trillian-redis-rhel9@sha256%3Acc686a64f9ae83adecc7a0ffe8a6b82f0750dc39ad05654a8087cf780a1c3b3a?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1773307620"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:865dd51e80034018400794d07edc0b546c6e4de7e2351dddc7f1f6378e1ffdd0_amd64",
"product": {
"name": "registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:865dd51e80034018400794d07edc0b546c6e4de7e2351dddc7f1f6378e1ffdd0_amd64",
"product_id": "registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:865dd51e80034018400794d07edc0b546c6e4de7e2351dddc7f1f6378e1ffdd0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rekor-search-ui-rhel9@sha256%3A865dd51e80034018400794d07edc0b546c6e4de7e2351dddc7f1f6378e1ffdd0?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1773308315"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/rekor-server-rhel9@sha256:5ffaf92fc557cb891a546ae2682d4e0259166ad6d935970dc958d255abc29a48_amd64",
"product": {
"name": "registry.redhat.io/rhtas/rekor-server-rhel9@sha256:5ffaf92fc557cb891a546ae2682d4e0259166ad6d935970dc958d255abc29a48_amd64",
"product_id": "registry.redhat.io/rhtas/rekor-server-rhel9@sha256:5ffaf92fc557cb891a546ae2682d4e0259166ad6d935970dc958d255abc29a48_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rekor-server-rhel9@sha256%3A5ffaf92fc557cb891a546ae2682d4e0259166ad6d935970dc958d255abc29a48?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1773307592"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:1ff8c1082274d8ae809e67d5c24e8c4365f2f4e0ce0dea6a2a95c1fac89f2d98_amd64",
"product": {
"name": "registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:1ff8c1082274d8ae809e67d5c24e8c4365f2f4e0ce0dea6a2a95c1fac89f2d98_amd64",
"product_id": "registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:1ff8c1082274d8ae809e67d5c24e8c4365f2f4e0ce0dea6a2a95c1fac89f2d98_amd64",
"product_identification_helper": {
"purl": "pkg:oci/timestamp-authority-rhel9@sha256%3A1ff8c1082274d8ae809e67d5c24e8c4365f2f4e0ce0dea6a2a95c1fac89f2d98?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1773307765"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:61aeb8693f27b60dd35e3dd1961d14bd95988cae70d649b340045619e5de7acf_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:61aeb8693f27b60dd35e3dd1961d14bd95988cae70d649b340045619e5de7acf_amd64"
},
"product_reference": "registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:61aeb8693f27b60dd35e3dd1961d14bd95988cae70d649b340045619e5de7acf_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/fulcio-rhel9@sha256:d71caff0f67fe8d9665d39193d955fc9352224f647406a40e56428dd6cd24953_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d71caff0f67fe8d9665d39193d955fc9352224f647406a40e56428dd6cd24953_amd64"
},
"product_reference": "registry.redhat.io/rhtas/fulcio-rhel9@sha256:d71caff0f67fe8d9665d39193d955fc9352224f647406a40e56428dd6cd24953_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:8d201eb6b1399f0373fb8456683bb2976dc6644745b7f285af3eb83ca3a0d0a7_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:8d201eb6b1399f0373fb8456683bb2976dc6644745b7f285af3eb83ca3a0d0a7_amd64"
},
"product_reference": "registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:8d201eb6b1399f0373fb8456683bb2976dc6644745b7f285af3eb83ca3a0d0a7_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:865dd51e80034018400794d07edc0b546c6e4de7e2351dddc7f1f6378e1ffdd0_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:865dd51e80034018400794d07edc0b546c6e4de7e2351dddc7f1f6378e1ffdd0_amd64"
},
"product_reference": "registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:865dd51e80034018400794d07edc0b546c6e4de7e2351dddc7f1f6378e1ffdd0_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/rekor-server-rhel9@sha256:5ffaf92fc557cb891a546ae2682d4e0259166ad6d935970dc958d255abc29a48_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:5ffaf92fc557cb891a546ae2682d4e0259166ad6d935970dc958d255abc29a48_amd64"
},
"product_reference": "registry.redhat.io/rhtas/rekor-server-rhel9@sha256:5ffaf92fc557cb891a546ae2682d4e0259166ad6d935970dc958d255abc29a48_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:1ff8c1082274d8ae809e67d5c24e8c4365f2f4e0ce0dea6a2a95c1fac89f2d98_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:1ff8c1082274d8ae809e67d5c24e8c4365f2f4e0ce0dea6a2a95c1fac89f2d98_amd64"
},
"product_reference": "registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:1ff8c1082274d8ae809e67d5c24e8c4365f2f4e0ce0dea6a2a95c1fac89f2d98_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/trillian-database-rhel9@sha256:6ca4eb17da6277b142a3353b675d735c106868f827243eaef70cd1ec01d36307_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:6ca4eb17da6277b142a3353b675d735c106868f827243eaef70cd1ec01d36307_amd64"
},
"product_reference": "registry.redhat.io/rhtas/trillian-database-rhel9@sha256:6ca4eb17da6277b142a3353b675d735c106868f827243eaef70cd1ec01d36307_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:f02c58838bf882d9b5d82a1a96e8ab29ce6033ae1b64418118fba43eb9151b41_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:f02c58838bf882d9b5d82a1a96e8ab29ce6033ae1b64418118fba43eb9151b41_amd64"
},
"product_reference": "registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:f02c58838bf882d9b5d82a1a96e8ab29ce6033ae1b64418118fba43eb9151b41_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:8ef614441b76914f5727f5bec23a9d8dc2785ca7fd6a2516f393529b7801da53_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:8ef614441b76914f5727f5bec23a9d8dc2785ca7fd6a2516f393529b7801da53_amd64"
},
"product_reference": "registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:8ef614441b76914f5727f5bec23a9d8dc2785ca7fd6a2516f393529b7801da53_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:cc686a64f9ae83adecc7a0ffe8a6b82f0750dc39ad05654a8087cf780a1c3b3a_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:cc686a64f9ae83adecc7a0ffe8a6b82f0750dc39ad05654a8087cf780a1c3b3a_amd64"
},
"product_reference": "registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:cc686a64f9ae83adecc7a0ffe8a6b82f0750dc39ad05654a8087cf780a1c3b3a_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:865dd51e80034018400794d07edc0b546c6e4de7e2351dddc7f1f6378e1ffdd0_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:cc686a64f9ae83adecc7a0ffe8a6b82f0750dc39ad05654a8087cf780a1c3b3a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:61aeb8693f27b60dd35e3dd1961d14bd95988cae70d649b340045619e5de7acf_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d71caff0f67fe8d9665d39193d955fc9352224f647406a40e56428dd6cd24953_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:8d201eb6b1399f0373fb8456683bb2976dc6644745b7f285af3eb83ca3a0d0a7_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:5ffaf92fc557cb891a546ae2682d4e0259166ad6d935970dc958d255abc29a48_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:1ff8c1082274d8ae809e67d5c24e8c4365f2f4e0ce0dea6a2a95c1fac89f2d98_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:6ca4eb17da6277b142a3353b675d735c106868f827243eaef70cd1ec01d36307_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:f02c58838bf882d9b5d82a1a96e8ab29ce6033ae1b64418118fba43eb9151b41_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:8ef614441b76914f5727f5bec23a9d8dc2785ca7fd6a2516f393529b7801da53_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:865dd51e80034018400794d07edc0b546c6e4de7e2351dddc7f1f6378e1ffdd0_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:cc686a64f9ae83adecc7a0ffe8a6b82f0750dc39ad05654a8087cf780a1c3b3a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-23T16:03:55+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:61aeb8693f27b60dd35e3dd1961d14bd95988cae70d649b340045619e5de7acf_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d71caff0f67fe8d9665d39193d955fc9352224f647406a40e56428dd6cd24953_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:8d201eb6b1399f0373fb8456683bb2976dc6644745b7f285af3eb83ca3a0d0a7_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:5ffaf92fc557cb891a546ae2682d4e0259166ad6d935970dc958d255abc29a48_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:1ff8c1082274d8ae809e67d5c24e8c4365f2f4e0ce0dea6a2a95c1fac89f2d98_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:6ca4eb17da6277b142a3353b675d735c106868f827243eaef70cd1ec01d36307_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:f02c58838bf882d9b5d82a1a96e8ab29ce6033ae1b64418118fba43eb9151b41_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:8ef614441b76914f5727f5bec23a9d8dc2785ca7fd6a2516f393529b7801da53_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5447"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:61aeb8693f27b60dd35e3dd1961d14bd95988cae70d649b340045619e5de7acf_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d71caff0f67fe8d9665d39193d955fc9352224f647406a40e56428dd6cd24953_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:8d201eb6b1399f0373fb8456683bb2976dc6644745b7f285af3eb83ca3a0d0a7_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:865dd51e80034018400794d07edc0b546c6e4de7e2351dddc7f1f6378e1ffdd0_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:5ffaf92fc557cb891a546ae2682d4e0259166ad6d935970dc958d255abc29a48_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:1ff8c1082274d8ae809e67d5c24e8c4365f2f4e0ce0dea6a2a95c1fac89f2d98_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:6ca4eb17da6277b142a3353b675d735c106868f827243eaef70cd1ec01d36307_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:f02c58838bf882d9b5d82a1a96e8ab29ce6033ae1b64418118fba43eb9151b41_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:8ef614441b76914f5727f5bec23a9d8dc2785ca7fd6a2516f393529b7801da53_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:cc686a64f9ae83adecc7a0ffe8a6b82f0750dc39ad05654a8087cf780a1c3b3a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:61aeb8693f27b60dd35e3dd1961d14bd95988cae70d649b340045619e5de7acf_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d71caff0f67fe8d9665d39193d955fc9352224f647406a40e56428dd6cd24953_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:8d201eb6b1399f0373fb8456683bb2976dc6644745b7f285af3eb83ca3a0d0a7_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:865dd51e80034018400794d07edc0b546c6e4de7e2351dddc7f1f6378e1ffdd0_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:5ffaf92fc557cb891a546ae2682d4e0259166ad6d935970dc958d255abc29a48_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:1ff8c1082274d8ae809e67d5c24e8c4365f2f4e0ce0dea6a2a95c1fac89f2d98_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:6ca4eb17da6277b142a3353b675d735c106868f827243eaef70cd1ec01d36307_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:f02c58838bf882d9b5d82a1a96e8ab29ce6033ae1b64418118fba43eb9151b41_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:8ef614441b76914f5727f5bec23a9d8dc2785ca7fd6a2516f393529b7801da53_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:cc686a64f9ae83adecc7a0ffe8a6b82f0750dc39ad05654a8087cf780a1c3b3a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:61aeb8693f27b60dd35e3dd1961d14bd95988cae70d649b340045619e5de7acf_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d71caff0f67fe8d9665d39193d955fc9352224f647406a40e56428dd6cd24953_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:865dd51e80034018400794d07edc0b546c6e4de7e2351dddc7f1f6378e1ffdd0_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:1ff8c1082274d8ae809e67d5c24e8c4365f2f4e0ce0dea6a2a95c1fac89f2d98_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:cc686a64f9ae83adecc7a0ffe8a6b82f0750dc39ad05654a8087cf780a1c3b3a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:8d201eb6b1399f0373fb8456683bb2976dc6644745b7f285af3eb83ca3a0d0a7_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:5ffaf92fc557cb891a546ae2682d4e0259166ad6d935970dc958d255abc29a48_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:6ca4eb17da6277b142a3353b675d735c106868f827243eaef70cd1ec01d36307_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:f02c58838bf882d9b5d82a1a96e8ab29ce6033ae1b64418118fba43eb9151b41_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:8ef614441b76914f5727f5bec23a9d8dc2785ca7fd6a2516f393529b7801da53_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:61aeb8693f27b60dd35e3dd1961d14bd95988cae70d649b340045619e5de7acf_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d71caff0f67fe8d9665d39193d955fc9352224f647406a40e56428dd6cd24953_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:865dd51e80034018400794d07edc0b546c6e4de7e2351dddc7f1f6378e1ffdd0_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:1ff8c1082274d8ae809e67d5c24e8c4365f2f4e0ce0dea6a2a95c1fac89f2d98_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:cc686a64f9ae83adecc7a0ffe8a6b82f0750dc39ad05654a8087cf780a1c3b3a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-23T16:03:55+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:8d201eb6b1399f0373fb8456683bb2976dc6644745b7f285af3eb83ca3a0d0a7_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:5ffaf92fc557cb891a546ae2682d4e0259166ad6d935970dc958d255abc29a48_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:6ca4eb17da6277b142a3353b675d735c106868f827243eaef70cd1ec01d36307_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:f02c58838bf882d9b5d82a1a96e8ab29ce6033ae1b64418118fba43eb9151b41_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:8ef614441b76914f5727f5bec23a9d8dc2785ca7fd6a2516f393529b7801da53_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5447"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:61aeb8693f27b60dd35e3dd1961d14bd95988cae70d649b340045619e5de7acf_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d71caff0f67fe8d9665d39193d955fc9352224f647406a40e56428dd6cd24953_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:8d201eb6b1399f0373fb8456683bb2976dc6644745b7f285af3eb83ca3a0d0a7_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:865dd51e80034018400794d07edc0b546c6e4de7e2351dddc7f1f6378e1ffdd0_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:5ffaf92fc557cb891a546ae2682d4e0259166ad6d935970dc958d255abc29a48_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:1ff8c1082274d8ae809e67d5c24e8c4365f2f4e0ce0dea6a2a95c1fac89f2d98_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:6ca4eb17da6277b142a3353b675d735c106868f827243eaef70cd1ec01d36307_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:f02c58838bf882d9b5d82a1a96e8ab29ce6033ae1b64418118fba43eb9151b41_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:8ef614441b76914f5727f5bec23a9d8dc2785ca7fd6a2516f393529b7801da53_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:cc686a64f9ae83adecc7a0ffe8a6b82f0750dc39ad05654a8087cf780a1c3b3a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:61aeb8693f27b60dd35e3dd1961d14bd95988cae70d649b340045619e5de7acf_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d71caff0f67fe8d9665d39193d955fc9352224f647406a40e56428dd6cd24953_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:8d201eb6b1399f0373fb8456683bb2976dc6644745b7f285af3eb83ca3a0d0a7_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:865dd51e80034018400794d07edc0b546c6e4de7e2351dddc7f1f6378e1ffdd0_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:5ffaf92fc557cb891a546ae2682d4e0259166ad6d935970dc958d255abc29a48_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:1ff8c1082274d8ae809e67d5c24e8c4365f2f4e0ce0dea6a2a95c1fac89f2d98_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:6ca4eb17da6277b142a3353b675d735c106868f827243eaef70cd1ec01d36307_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:f02c58838bf882d9b5d82a1a96e8ab29ce6033ae1b64418118fba43eb9151b41_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:8ef614441b76914f5727f5bec23a9d8dc2785ca7fd6a2516f393529b7801da53_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:cc686a64f9ae83adecc7a0ffe8a6b82f0750dc39ad05654a8087cf780a1c3b3a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2026-24842",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2026-01-28T01:01:16.886629+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:61aeb8693f27b60dd35e3dd1961d14bd95988cae70d649b340045619e5de7acf_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d71caff0f67fe8d9665d39193d955fc9352224f647406a40e56428dd6cd24953_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:8d201eb6b1399f0373fb8456683bb2976dc6644745b7f285af3eb83ca3a0d0a7_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:5ffaf92fc557cb891a546ae2682d4e0259166ad6d935970dc958d255abc29a48_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:1ff8c1082274d8ae809e67d5c24e8c4365f2f4e0ce0dea6a2a95c1fac89f2d98_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:6ca4eb17da6277b142a3353b675d735c106868f827243eaef70cd1ec01d36307_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:f02c58838bf882d9b5d82a1a96e8ab29ce6033ae1b64418118fba43eb9151b41_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:8ef614441b76914f5727f5bec23a9d8dc2785ca7fd6a2516f393529b7801da53_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:cc686a64f9ae83adecc7a0ffe8a6b82f0750dc39ad05654a8087cf780a1c3b3a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2433645"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-tar, a Node.js module for handling TAR archives. This vulnerability allows a remote attacker to bypass path traversal protections by crafting a malicious TAR archive. The security check for hardlink entries uses different path resolution logic than the actual hardlink creation, enabling the attacker to create hardlinks to arbitrary files outside the intended extraction directory. This could lead to unauthorized information disclosure or further system compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an IMPORTANT vulnerability in node-tar, a Node.js module for handling TAR archives. The flaw allows an attacker to bypass path traversal protections by crafting a malicious TAR archive. This could lead to the creation of hardlinks to arbitrary files outside the intended extraction directory, potentially resulting in unauthorized information disclosure or further system compromise in affected Red Hat products utilizing node-tar for archive processing.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:865dd51e80034018400794d07edc0b546c6e4de7e2351dddc7f1f6378e1ffdd0_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:61aeb8693f27b60dd35e3dd1961d14bd95988cae70d649b340045619e5de7acf_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d71caff0f67fe8d9665d39193d955fc9352224f647406a40e56428dd6cd24953_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:8d201eb6b1399f0373fb8456683bb2976dc6644745b7f285af3eb83ca3a0d0a7_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:5ffaf92fc557cb891a546ae2682d4e0259166ad6d935970dc958d255abc29a48_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:1ff8c1082274d8ae809e67d5c24e8c4365f2f4e0ce0dea6a2a95c1fac89f2d98_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:6ca4eb17da6277b142a3353b675d735c106868f827243eaef70cd1ec01d36307_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:f02c58838bf882d9b5d82a1a96e8ab29ce6033ae1b64418118fba43eb9151b41_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:8ef614441b76914f5727f5bec23a9d8dc2785ca7fd6a2516f393529b7801da53_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:cc686a64f9ae83adecc7a0ffe8a6b82f0750dc39ad05654a8087cf780a1c3b3a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24842"
},
{
"category": "external",
"summary": "RHBZ#2433645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433645"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24842",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24842",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24842"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/commit/f4a7aa9bc3d717c987fdf1480ff7a64e87ffdb46",
"url": "https://github.com/isaacs/node-tar/commit/f4a7aa9bc3d717c987fdf1480ff7a64e87ffdb46"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/security/advisories/GHSA-34x7-hfp2-rc4v",
"url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-34x7-hfp2-rc4v"
}
],
"release_date": "2026-01-28T00:20:13.261000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-23T16:03:55+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:865dd51e80034018400794d07edc0b546c6e4de7e2351dddc7f1f6378e1ffdd0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5447"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:61aeb8693f27b60dd35e3dd1961d14bd95988cae70d649b340045619e5de7acf_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d71caff0f67fe8d9665d39193d955fc9352224f647406a40e56428dd6cd24953_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:8d201eb6b1399f0373fb8456683bb2976dc6644745b7f285af3eb83ca3a0d0a7_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:865dd51e80034018400794d07edc0b546c6e4de7e2351dddc7f1f6378e1ffdd0_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:5ffaf92fc557cb891a546ae2682d4e0259166ad6d935970dc958d255abc29a48_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:1ff8c1082274d8ae809e67d5c24e8c4365f2f4e0ce0dea6a2a95c1fac89f2d98_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:6ca4eb17da6277b142a3353b675d735c106868f827243eaef70cd1ec01d36307_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:f02c58838bf882d9b5d82a1a96e8ab29ce6033ae1b64418118fba43eb9151b41_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:8ef614441b76914f5727f5bec23a9d8dc2785ca7fd6a2516f393529b7801da53_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:cc686a64f9ae83adecc7a0ffe8a6b82f0750dc39ad05654a8087cf780a1c3b3a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:61aeb8693f27b60dd35e3dd1961d14bd95988cae70d649b340045619e5de7acf_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d71caff0f67fe8d9665d39193d955fc9352224f647406a40e56428dd6cd24953_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:8d201eb6b1399f0373fb8456683bb2976dc6644745b7f285af3eb83ca3a0d0a7_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:865dd51e80034018400794d07edc0b546c6e4de7e2351dddc7f1f6378e1ffdd0_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:5ffaf92fc557cb891a546ae2682d4e0259166ad6d935970dc958d255abc29a48_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:1ff8c1082274d8ae809e67d5c24e8c4365f2f4e0ce0dea6a2a95c1fac89f2d98_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:6ca4eb17da6277b142a3353b675d735c106868f827243eaef70cd1ec01d36307_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:f02c58838bf882d9b5d82a1a96e8ab29ce6033ae1b64418118fba43eb9151b41_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:8ef614441b76914f5727f5bec23a9d8dc2785ca7fd6a2516f393529b7801da53_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:cc686a64f9ae83adecc7a0ffe8a6b82f0750dc39ad05654a8087cf780a1c3b3a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check"
},
{
"cve": "CVE-2026-26960",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-02-20T02:01:07.883769+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:61aeb8693f27b60dd35e3dd1961d14bd95988cae70d649b340045619e5de7acf_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d71caff0f67fe8d9665d39193d955fc9352224f647406a40e56428dd6cd24953_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:8d201eb6b1399f0373fb8456683bb2976dc6644745b7f285af3eb83ca3a0d0a7_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:5ffaf92fc557cb891a546ae2682d4e0259166ad6d935970dc958d255abc29a48_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:1ff8c1082274d8ae809e67d5c24e8c4365f2f4e0ce0dea6a2a95c1fac89f2d98_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:6ca4eb17da6277b142a3353b675d735c106868f827243eaef70cd1ec01d36307_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:f02c58838bf882d9b5d82a1a96e8ab29ce6033ae1b64418118fba43eb9151b41_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:8ef614441b76914f5727f5bec23a9d8dc2785ca7fd6a2516f393529b7801da53_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:cc686a64f9ae83adecc7a0ffe8a6b82f0750dc39ad05654a8087cf780a1c3b3a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441253"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-tar. An attacker can craft a malicious archive that, when extracted with default options, creates a hardlink outside the intended extraction directory. This vulnerability allows the attacker to perform arbitrary file read and write operations as the user extracting the archive, bypassing existing path protections. This can lead to unauthorized access and modification of sensitive system files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tar: node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:865dd51e80034018400794d07edc0b546c6e4de7e2351dddc7f1f6378e1ffdd0_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:61aeb8693f27b60dd35e3dd1961d14bd95988cae70d649b340045619e5de7acf_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d71caff0f67fe8d9665d39193d955fc9352224f647406a40e56428dd6cd24953_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:8d201eb6b1399f0373fb8456683bb2976dc6644745b7f285af3eb83ca3a0d0a7_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:5ffaf92fc557cb891a546ae2682d4e0259166ad6d935970dc958d255abc29a48_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:1ff8c1082274d8ae809e67d5c24e8c4365f2f4e0ce0dea6a2a95c1fac89f2d98_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:6ca4eb17da6277b142a3353b675d735c106868f827243eaef70cd1ec01d36307_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:f02c58838bf882d9b5d82a1a96e8ab29ce6033ae1b64418118fba43eb9151b41_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:8ef614441b76914f5727f5bec23a9d8dc2785ca7fd6a2516f393529b7801da53_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:cc686a64f9ae83adecc7a0ffe8a6b82f0750dc39ad05654a8087cf780a1c3b3a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26960"
},
{
"category": "external",
"summary": "RHBZ#2441253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441253"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26960"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26960",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26960"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384",
"url": "https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/commit/d18e4e1f846f4ddddc153b0f536a19c050e7499f",
"url": "https://github.com/isaacs/node-tar/commit/d18e4e1f846f4ddddc153b0f536a19c050e7499f"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/security/advisories/GHSA-83g3-92jg-28cx",
"url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-83g3-92jg-28cx"
}
],
"release_date": "2026-02-20T01:07:52.979000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-23T16:03:55+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:865dd51e80034018400794d07edc0b546c6e4de7e2351dddc7f1f6378e1ffdd0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5447"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:61aeb8693f27b60dd35e3dd1961d14bd95988cae70d649b340045619e5de7acf_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d71caff0f67fe8d9665d39193d955fc9352224f647406a40e56428dd6cd24953_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:8d201eb6b1399f0373fb8456683bb2976dc6644745b7f285af3eb83ca3a0d0a7_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:865dd51e80034018400794d07edc0b546c6e4de7e2351dddc7f1f6378e1ffdd0_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:5ffaf92fc557cb891a546ae2682d4e0259166ad6d935970dc958d255abc29a48_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:1ff8c1082274d8ae809e67d5c24e8c4365f2f4e0ce0dea6a2a95c1fac89f2d98_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:6ca4eb17da6277b142a3353b675d735c106868f827243eaef70cd1ec01d36307_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:f02c58838bf882d9b5d82a1a96e8ab29ce6033ae1b64418118fba43eb9151b41_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:8ef614441b76914f5727f5bec23a9d8dc2785ca7fd6a2516f393529b7801da53_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:cc686a64f9ae83adecc7a0ffe8a6b82f0750dc39ad05654a8087cf780a1c3b3a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:61aeb8693f27b60dd35e3dd1961d14bd95988cae70d649b340045619e5de7acf_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:d71caff0f67fe8d9665d39193d955fc9352224f647406a40e56428dd6cd24953_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:8d201eb6b1399f0373fb8456683bb2976dc6644745b7f285af3eb83ca3a0d0a7_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:865dd51e80034018400794d07edc0b546c6e4de7e2351dddc7f1f6378e1ffdd0_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:5ffaf92fc557cb891a546ae2682d4e0259166ad6d935970dc958d255abc29a48_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:1ff8c1082274d8ae809e67d5c24e8c4365f2f4e0ce0dea6a2a95c1fac89f2d98_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:6ca4eb17da6277b142a3353b675d735c106868f827243eaef70cd1ec01d36307_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:f02c58838bf882d9b5d82a1a96e8ab29ce6033ae1b64418118fba43eb9151b41_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:8ef614441b76914f5727f5bec23a9d8dc2785ca7fd6a2516f393529b7801da53_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:cc686a64f9ae83adecc7a0ffe8a6b82f0750dc39ad05654a8087cf780a1c3b3a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tar: node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…