Vulnerability-Lookup

RHSA-2026:6226

Vulnerability from csaf_redhat - Published: 2026-03-31 02:53 - Updated: 2026-04-01 16:03

Summary

Red Hat Security Advisory: Multicluster Global Hub 1.6.2 security update

Severity

Important

Notes

Topic: Multicluster Global Hub v1.6.2 general availability release images, which provide security fixes, bug fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.

Details: Red Hat multicluster global hub is a set of components that enable you to import one or more hub clusters and manage them from a single hub cluster.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2025-47907

A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.

7.0 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Vendor Fix For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation: https://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index https://access.redhat.com/errata/RHSA-2026:6226

CVE-2025-57810

An excessive resource consumption flaw has been discovered in the jsPDF npm library. Passing a maliciously crafted PNG file to the library may result in high CPU usage and a denial of service of the program the library is being used in.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-770 - Allocation of Resources Without Limits or Throttling

Workaround Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

CVE-2025-58183

A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

CVE-2025-58754

A denial of service flaw has been discovered in the Axios npm package. When Axios runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response. This path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested responseType: 'stream'.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-770 - Allocation of Resources Without Limits or Throttling

CVE-2025-59343

A symlink validation bypass flaw has been discovered in the npm tar-fs library. Affected versions are vulnerable to a symlink validation bypass if the destination directory is predictable with a specific tarball.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2025-61726

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Workaround Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.

CVE-2025-61728

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Workaround To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.

CVE-2025-61729

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1050 - Excessive Platform Resource Consumption within a Loop

CVE-2025-68121

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CVE-2026-27571

A flaw was found in nats-server. The WebSockets implementation fails to enforce a memory allocation limit during the decompression of WebSocket messages. A malicious compressed payload allows an attacker to cause an excessive memory consumption, eventually resulting in a server crash and a complete denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

References

URL

Category

	https://access.redhat.com/errata/RHSA-2026:6226	self
	https://access.redhat.com/security/cve/CVE-2025-47907	external
	https://access.redhat.com/security/cve/CVE-2025-57810	external
	https://access.redhat.com/security/cve/CVE-2025-58183	external
	https://access.redhat.com/security/cve/CVE-2025-58754	external
	https://access.redhat.com/security/cve/CVE-2025-59343	external
	https://access.redhat.com/security/cve/CVE-2025-61726	external
	https://access.redhat.com/security/cve/CVE-2025-61728	external
	https://access.redhat.com/security/cve/CVE-2025-61729	external
	https://access.redhat.com/security/cve/CVE-2025-68121	external
	https://access.redhat.com/security/cve/CVE-2026-27571	external
	https://access.redhat.com/security/updates/classi…	external
	https://security.access.redhat.com/data/csaf/v2/a…	self
	https://access.redhat.com/security/cve/CVE-2025-47907	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2387083	external
	https://www.cve.org/CVERecord?id=CVE-2025-47907	external
	https://nvd.nist.gov/vuln/detail/CVE-2025-47907	external
	https://go.dev/cl/693735	external
	https://go.dev/issue/74831	external
	https://groups.google.com/g/golang-announce/c/x5M…	external
	https://pkg.go.dev/vuln/GO-2025-3849	external
	https://access.redhat.com/security/cve/CVE-2025-57810	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2391077	external
	https://www.cve.org/CVERecord?id=CVE-2025-57810	external
	https://nvd.nist.gov/vuln/detail/CVE-2025-57810	external
	https://github.com/parallax/jsPDF/commit/4cf3ab61…	external
	https://github.com/parallax/jsPDF/pull/3880	external
	https://github.com/parallax/jsPDF/releases/tag/v3.0.2	external
	https://github.com/parallax/jsPDF/security/adviso…	external
	https://access.redhat.com/security/cve/CVE-2025-58183	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2407258	external
	https://www.cve.org/CVERecord?id=CVE-2025-58183	external
	https://nvd.nist.gov/vuln/detail/CVE-2025-58183	external
	https://go.dev/cl/709861	external
	https://go.dev/issue/75677	external
	https://groups.google.com/g/golang-announce/c/4Em…	external
	https://pkg.go.dev/vuln/GO-2025-4014	external
	https://access.redhat.com/security/cve/CVE-2025-58754	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2394735	external
	https://www.cve.org/CVERecord?id=CVE-2025-58754	external
	https://nvd.nist.gov/vuln/detail/CVE-2025-58754	external
	https://github.com/axios/axios/commit/945435fc514…	external
	https://github.com/axios/axios/pull/7011	external
	https://github.com/axios/axios/releases/tag/v1.12.0	external
	https://github.com/axios/axios/security/advisorie…	external
	https://access.redhat.com/security/cve/CVE-2025-59343	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2397901	external
	https://www.cve.org/CVERecord?id=CVE-2025-59343	external
	https://nvd.nist.gov/vuln/detail/CVE-2025-59343	external
	https://github.com/mafintosh/tar-fs/commit/0bd54c…	external
	https://github.com/mafintosh/tar-fs/security/advi…	external
	https://access.redhat.com/security/cve/CVE-2025-61726	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2434432	external
	https://www.cve.org/CVERecord?id=CVE-2025-61726	external
	https://nvd.nist.gov/vuln/detail/CVE-2025-61726	external
	https://go.dev/cl/736712	external
	https://go.dev/issue/77101	external
	https://groups.google.com/g/golang-announce/c/Vd2…	external
	https://pkg.go.dev/vuln/GO-2026-4341	external
	https://access.redhat.com/security/cve/CVE-2025-61728	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2434431	external
	https://www.cve.org/CVERecord?id=CVE-2025-61728	external
	https://nvd.nist.gov/vuln/detail/CVE-2025-61728	external
	https://go.dev/cl/736713	external
	https://go.dev/issue/77102	external
	https://pkg.go.dev/vuln/GO-2026-4342	external
	https://access.redhat.com/security/cve/CVE-2025-61729	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2418462	external
	https://www.cve.org/CVERecord?id=CVE-2025-61729	external
	https://nvd.nist.gov/vuln/detail/CVE-2025-61729	external
	https://go.dev/cl/725920	external
	https://go.dev/issue/76445	external
	https://groups.google.com/g/golang-announce/c/8FJ…	external
	https://pkg.go.dev/vuln/GO-2025-4155	external
	https://access.redhat.com/security/cve/CVE-2025-68121	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2437111	external
	https://www.cve.org/CVERecord?id=CVE-2025-68121	external
	https://nvd.nist.gov/vuln/detail/CVE-2025-68121	external
	https://go.dev/cl/737700	external
	https://go.dev/issue/77217	external
	https://groups.google.com/g/golang-announce/c/K09…	external
	https://pkg.go.dev/vuln/GO-2026-4337	external
	https://access.redhat.com/security/cve/CVE-2026-27571	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2442401	external
	https://www.cve.org/CVERecord?id=CVE-2026-27571	external
	https://nvd.nist.gov/vuln/detail/CVE-2026-27571	external
	https://github.com/nats-io/nats-server/commit/f77…	external
	https://github.com/nats-io/nats-server/releases/t…	external
	https://github.com/nats-io/nats-server/releases/t…	external
	https://github.com/nats-io/nats-server/security/a…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Multicluster Global Hub v1.6.2 general availability release images, which provide security fixes, bug fixes, and updated container images.\n\nRed Hat Product Security has rated this update as having a security impact of Important. \nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat multicluster global hub is a set of components that enable you to import one or more hub clusters and manage them from a single hub cluster.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:6226",
        "url": "https://access.redhat.com/errata/RHSA-2026:6226"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-47907",
        "url": "https://access.redhat.com/security/cve/CVE-2025-47907"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-57810",
        "url": "https://access.redhat.com/security/cve/CVE-2025-57810"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-58183",
        "url": "https://access.redhat.com/security/cve/CVE-2025-58183"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-58754",
        "url": "https://access.redhat.com/security/cve/CVE-2025-58754"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-59343",
        "url": "https://access.redhat.com/security/cve/CVE-2025-59343"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
        "url": "https://access.redhat.com/security/cve/CVE-2025-61726"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
        "url": "https://access.redhat.com/security/cve/CVE-2025-61728"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
        "url": "https://access.redhat.com/security/cve/CVE-2025-61729"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
        "url": "https://access.redhat.com/security/cve/CVE-2025-68121"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-27571",
        "url": "https://access.redhat.com/security/cve/CVE-2026-27571"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_6226.json"
      }
    ],
    "title": "Red Hat Security Advisory: Multicluster Global Hub 1.6.2 security update",
    "tracking": {
      "current_release_date": "2026-04-01T16:03:24+00:00",
      "generator": {
        "date": "2026-04-01T16:03:24+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.4"
        }
      },
      "id": "RHSA-2026:6226",
      "initial_release_date": "2026-03-31T02:53:32+00:00",
      "revision_history": [
        {
          "date": "2026-03-31T02:53:32+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-03-31T02:53:38+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-01T16:03:24+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Multicluster Global Hub 1.6.2",
                "product": {
                  "name": "Multicluster Global Hub 1.6.2",
                  "product_id": "Multicluster Global Hub 1.6.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:multicluster_globalhub:1.6::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Multicluster Global Hub"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
                "product": {
                  "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
                  "product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3Ab7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773650060"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
                "product": {
                  "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
                  "product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3Af244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774245790"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
                "product": {
                  "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
                  "product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3A4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774245716"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
                "product": {
                  "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
                  "product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/multicluster-globalhub-operator-bundle@sha256%3A9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774364330"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64",
                "product": {
                  "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64",
                  "product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3Ad4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774362315"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
                "product": {
                  "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
                  "product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3A9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773649712"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
                "product": {
                  "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
                  "product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3A3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773650060"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
                "product": {
                  "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
                  "product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3A4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774245790"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
                "product": {
                  "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
                  "product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3A2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774245716"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
                "product": {
                  "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
                  "product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3Ab59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774362315"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
                "product": {
                  "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
                  "product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3A239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773649712"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
                "product": {
                  "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
                  "product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3A437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773650060"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
                "product": {
                  "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
                  "product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3A7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774245790"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
                "product": {
                  "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
                  "product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3Acbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774245716"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
                "product": {
                  "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
                  "product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3Ab5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774362315"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
                "product": {
                  "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
                  "product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3A39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773649712"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
                "product": {
                  "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
                  "product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3A035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773650060"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
                "product": {
                  "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
                  "product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3A4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774245790"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
                "product": {
                  "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
                  "product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3A78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774245716"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
                "product": {
                  "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
                  "product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3A48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774362315"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
                "product": {
                  "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
                  "product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3Abe5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773649712"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le as a component of Multicluster Global Hub 1.6.2",
          "product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le"
        },
        "product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
        "relates_to_product_reference": "Multicluster Global Hub 1.6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64 as a component of Multicluster Global Hub 1.6.2",
          "product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64"
        },
        "product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
        "relates_to_product_reference": "Multicluster Global Hub 1.6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x as a component of Multicluster Global Hub 1.6.2",
          "product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x"
        },
        "product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
        "relates_to_product_reference": "Multicluster Global Hub 1.6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64 as a component of Multicluster Global Hub 1.6.2",
          "product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64"
        },
        "product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
        "relates_to_product_reference": "Multicluster Global Hub 1.6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64 as a component of Multicluster Global Hub 1.6.2",
          "product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64"
        },
        "product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
        "relates_to_product_reference": "Multicluster Global Hub 1.6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le as a component of Multicluster Global Hub 1.6.2",
          "product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le"
        },
        "product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
        "relates_to_product_reference": "Multicluster Global Hub 1.6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x as a component of Multicluster Global Hub 1.6.2",
          "product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x"
        },
        "product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
        "relates_to_product_reference": "Multicluster Global Hub 1.6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64 as a component of Multicluster Global Hub 1.6.2",
          "product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
        },
        "product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
        "relates_to_product_reference": "Multicluster Global Hub 1.6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le as a component of Multicluster Global Hub 1.6.2",
          "product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le"
        },
        "product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
        "relates_to_product_reference": "Multicluster Global Hub 1.6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64 as a component of Multicluster Global Hub 1.6.2",
          "product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64"
        },
        "product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
        "relates_to_product_reference": "Multicluster Global Hub 1.6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64 as a component of Multicluster Global Hub 1.6.2",
          "product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64"
        },
        "product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
        "relates_to_product_reference": "Multicluster Global Hub 1.6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x as a component of Multicluster Global Hub 1.6.2",
          "product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x"
        },
        "product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
        "relates_to_product_reference": "Multicluster Global Hub 1.6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64 as a component of Multicluster Global Hub 1.6.2",
          "product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64"
        },
        "product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
        "relates_to_product_reference": "Multicluster Global Hub 1.6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le as a component of Multicluster Global Hub 1.6.2",
          "product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le"
        },
        "product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
        "relates_to_product_reference": "Multicluster Global Hub 1.6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x as a component of Multicluster Global Hub 1.6.2",
          "product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x"
        },
        "product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
        "relates_to_product_reference": "Multicluster Global Hub 1.6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64 as a component of Multicluster Global Hub 1.6.2",
          "product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64"
        },
        "product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
        "relates_to_product_reference": "Multicluster Global Hub 1.6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64 as a component of Multicluster Global Hub 1.6.2",
          "product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64"
        },
        "product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
        "relates_to_product_reference": "Multicluster Global Hub 1.6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64 as a component of Multicluster Global Hub 1.6.2",
          "product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64"
        },
        "product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
        "relates_to_product_reference": "Multicluster Global Hub 1.6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le as a component of Multicluster Global Hub 1.6.2",
          "product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le"
        },
        "product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
        "relates_to_product_reference": "Multicluster Global Hub 1.6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x as a component of Multicluster Global Hub 1.6.2",
          "product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x"
        },
        "product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
        "relates_to_product_reference": "Multicluster Global Hub 1.6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64 as a component of Multicluster Global Hub 1.6.2",
          "product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
        },
        "product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64",
        "relates_to_product_reference": "Multicluster Global Hub 1.6.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-47907",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "discovery_date": "2025-08-07T16:01:06.247481+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2387083"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "database/sql: Postgres Scan Race Condition",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability marked as Moderate severity issues rather than Important. The os/exec LookPath flaw requires a misconfigured PATH to be exploitable, and the database/sql race condition primarily impacts applications that cancel queries while running multiple queries concurrently. Both can cause unexpected behavior, but the exploitation scope is limited and unlikely to result in direct compromise in most typical deployments.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
        ],
        "known_not_affected": [
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-47907"
        },
        {
          "category": "external",
          "summary": "RHBZ#2387083",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387083"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-47907",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/693735",
          "url": "https://go.dev/cl/693735"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/74831",
          "url": "https://go.dev/issue/74831"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM",
          "url": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2025-3849",
          "url": "https://pkg.go.dev/vuln/GO-2025-3849"
        }
      ],
      "release_date": "2025-08-07T15:25:30.704000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-03-31T02:53:32+00:00",
          "details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
          "product_ids": [
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:6226"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "database/sql: Postgres Scan Race Condition"
    },
    {
      "cve": "CVE-2025-57810",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-08-26T16:01:25.508363+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2391077"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An excessive resource consumption flaw has been discovered in the jsPDF npm library. Passing a maliciously crafted PNG file to the library may result in high CPU usage and a denial of service of the program the library is being used in.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jspdf: jsPDF Denial of Service (DoS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The availability impact of this flaw is limited on Red Hat systems as the host operating system is not at risk of degradation.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
        ],
        "known_not_affected": [
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-57810"
        },
        {
          "category": "external",
          "summary": "RHBZ#2391077",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391077"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-57810",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-57810"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-57810",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57810"
        },
        {
          "category": "external",
          "summary": "https://github.com/parallax/jsPDF/commit/4cf3ab619e565d9b88b4b130bff901b91d8688e9",
          "url": "https://github.com/parallax/jsPDF/commit/4cf3ab619e565d9b88b4b130bff901b91d8688e9"
        },
        {
          "category": "external",
          "summary": "https://github.com/parallax/jsPDF/pull/3880",
          "url": "https://github.com/parallax/jsPDF/pull/3880"
        },
        {
          "category": "external",
          "summary": "https://github.com/parallax/jsPDF/releases/tag/v3.0.2",
          "url": "https://github.com/parallax/jsPDF/releases/tag/v3.0.2"
        },
        {
          "category": "external",
          "summary": "https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw",
          "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw"
        }
      ],
      "release_date": "2025-08-26T15:37:28.071000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-03-31T02:53:32+00:00",
          "details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
          "product_ids": [
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:6226"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jspdf: jsPDF Denial of Service (DoS)"
    },
    {
      "cve": "CVE-2025-58183",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-10-29T23:01:50.573951+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2407258"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this issue, an attacker needs to be able to process a specially crafted GNU tar pax 1.0 archive with the application using the archive/tar package. Additionally, this issue can cause the Go application to allocate a large amount of memory, eventually leading to an out-of-memory condition and resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
        ],
        "known_not_affected": [
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-58183"
        },
        {
          "category": "external",
          "summary": "RHBZ#2407258",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407258"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-58183",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/709861",
          "url": "https://go.dev/cl/709861"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/75677",
          "url": "https://go.dev/issue/75677"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
          "url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2025-4014",
          "url": "https://pkg.go.dev/vuln/GO-2025-4014"
        }
      ],
      "release_date": "2025-10-29T22:10:14.376000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-03-31T02:53:32+00:00",
          "details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
          "product_ids": [
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:6226"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map"
    },
    {
      "cve": "CVE-2025-58754",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-09-12T02:00:53.897605+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2394735"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A denial of service flaw has been discovered in the Axios npm package. When Axios runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response.\nThis path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested responseType: \u0027stream\u0027.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "axios: Axios DoS via lack of data size check",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Availability impact is limited to the application which bundles axios and not the host Red Hat system.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
        ],
        "known_not_affected": [
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-58754"
        },
        {
          "category": "external",
          "summary": "RHBZ#2394735",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394735"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-58754",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58754",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58754"
        },
        {
          "category": "external",
          "summary": "https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593",
          "url": "https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593"
        },
        {
          "category": "external",
          "summary": "https://github.com/axios/axios/pull/7011",
          "url": "https://github.com/axios/axios/pull/7011"
        },
        {
          "category": "external",
          "summary": "https://github.com/axios/axios/releases/tag/v1.12.0",
          "url": "https://github.com/axios/axios/releases/tag/v1.12.0"
        },
        {
          "category": "external",
          "summary": "https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj",
          "url": "https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj"
        }
      ],
      "release_date": "2025-09-12T01:16:40.513000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-03-31T02:53:32+00:00",
          "details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
          "product_ids": [
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:6226"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "axios: Axios DoS via lack of data size check"
    },
    {
      "cve": "CVE-2025-59343",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2025-09-24T18:01:19.612438+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2397901"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A symlink validation bypass flaw has been discovered in the npm tar-fs library. Affected versions are vulnerable to a symlink validation bypass if the destination directory is predictable with a specific tarball.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tar-fs: tar-fs symlink validation bypass",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
        ],
        "known_not_affected": [
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-59343"
        },
        {
          "category": "external",
          "summary": "RHBZ#2397901",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397901"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-59343",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59343"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59343",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59343"
        },
        {
          "category": "external",
          "summary": "https://github.com/mafintosh/tar-fs/commit/0bd54cdf06da2b7b5b95cd4b062c9f4e0a8c4e09",
          "url": "https://github.com/mafintosh/tar-fs/commit/0bd54cdf06da2b7b5b95cd4b062c9f4e0a8c4e09"
        },
        {
          "category": "external",
          "summary": "https://github.com/mafintosh/tar-fs/security/advisories/GHSA-vj76-c3g6-qr5v",
          "url": "https://github.com/mafintosh/tar-fs/security/advisories/GHSA-vj76-c3g6-qr5v"
        }
      ],
      "release_date": "2025-09-24T17:43:34.728000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-03-31T02:53:32+00:00",
          "details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
          "product_ids": [
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:6226"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tar-fs: tar-fs symlink validation bypass"
    },
    {
      "cve": "CVE-2025-61726",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2026-01-28T20:01:42.791305+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2434432"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
        ],
        "known_not_affected": [
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-61726"
        },
        {
          "category": "external",
          "summary": "RHBZ#2434432",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/736712",
          "url": "https://go.dev/cl/736712"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/77101",
          "url": "https://go.dev/issue/77101"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
          "url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2026-4341",
          "url": "https://pkg.go.dev/vuln/GO-2026-4341"
        }
      ],
      "release_date": "2026-01-28T19:30:31.215000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-03-31T02:53:32+00:00",
          "details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
          "product_ids": [
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:6226"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
          "product_ids": [
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
    },
    {
      "cve": "CVE-2025-61728",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2026-01-28T20:01:39.965024+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2434431"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
        ],
        "known_not_affected": [
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-61728"
        },
        {
          "category": "external",
          "summary": "RHBZ#2434431",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/736713",
          "url": "https://go.dev/cl/736713"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/77102",
          "url": "https://go.dev/issue/77102"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
          "url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2026-4342",
          "url": "https://pkg.go.dev/vuln/GO-2026-4342"
        }
      ],
      "release_date": "2026-01-28T19:30:31.354000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-03-31T02:53:32+00:00",
          "details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
          "product_ids": [
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:6226"
        },
        {
          "category": "workaround",
          "details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
          "product_ids": [
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
    },
    {
      "cve": "CVE-2025-61729",
      "cwe": {
        "id": "CWE-1050",
        "name": "Excessive Platform Resource Consumption within a Loop"
      },
      "discovery_date": "2025-12-02T20:01:45.330964+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2418462"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64"
        ],
        "known_not_affected": [
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-61729"
        },
        {
          "category": "external",
          "summary": "RHBZ#2418462",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/725920",
          "url": "https://go.dev/cl/725920"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/76445",
          "url": "https://go.dev/issue/76445"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
          "url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2025-4155",
          "url": "https://pkg.go.dev/vuln/GO-2025-4155"
        }
      ],
      "release_date": "2025-12-02T18:54:10.166000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-03-31T02:53:32+00:00",
          "details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
          "product_ids": [
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:6226"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    },
    {
      "cve": "CVE-2025-68121",
      "discovery_date": "2026-02-05T18:01:30.086058+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2437111"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "crypto/tls: Unexpected session resumption in crypto/tls",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64"
        ],
        "known_not_affected": [
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-68121"
        },
        {
          "category": "external",
          "summary": "RHBZ#2437111",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/737700",
          "url": "https://go.dev/cl/737700"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/77217",
          "url": "https://go.dev/issue/77217"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
          "url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2026-4337",
          "url": "https://pkg.go.dev/vuln/GO-2026-4337"
        }
      ],
      "release_date": "2026-02-05T17:48:44.141000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-03-31T02:53:32+00:00",
          "details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
          "product_ids": [
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:6226"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "crypto/tls: Unexpected session resumption in crypto/tls"
    },
    {
      "cve": "CVE-2026-27571",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2026-02-24T17:04:11.684134+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2442401"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in nats-server. The WebSockets implementation fails to enforce a memory allocation limit during the decompression of WebSocket messages. A malicious compressed payload allows an attacker to cause an excessive memory consumption, eventually resulting in a server crash and a complete denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nats-server: WebSockets pre-auth memory DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw does not require valid NATS credentials to be exploited as the use of compression is negotiated before the authentication process. However, only deployments using WebSockets and that are exposed to untrusted network endpoints are vulnerable to this issue, limiting its exposure. Due to these reasons, this issue has been rated with a moderate severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
        ],
        "known_not_affected": [
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
          "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-27571"
        },
        {
          "category": "external",
          "summary": "RHBZ#2442401",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442401"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-27571",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27571"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27571",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27571"
        },
        {
          "category": "external",
          "summary": "https://github.com/nats-io/nats-server/commit/f77fb7c4535e6727cc1a2899cd8e6bbdd8ba2017",
          "url": "https://github.com/nats-io/nats-server/commit/f77fb7c4535e6727cc1a2899cd8e6bbdd8ba2017"
        },
        {
          "category": "external",
          "summary": "https://github.com/nats-io/nats-server/releases/tag/v2.11.12",
          "url": "https://github.com/nats-io/nats-server/releases/tag/v2.11.12"
        },
        {
          "category": "external",
          "summary": "https://github.com/nats-io/nats-server/releases/tag/v2.12.3",
          "url": "https://github.com/nats-io/nats-server/releases/tag/v2.12.3"
        },
        {
          "category": "external",
          "summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-qrvq-68c2-7grw",
          "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-qrvq-68c2-7grw"
        }
      ],
      "release_date": "2026-02-24T15:59:17.926000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-03-31T02:53:32+00:00",
          "details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
          "product_ids": [
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:6226"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
            "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nats-server: WebSockets pre-auth memory DoS"
    }
  ]
}

CVE-2025-47907 (GCVE-0-2025-47907)

Vulnerability from cvelistv5 – Published: 2025-08-07 15:25 – Updated: 2025-11-04 21:10

Title

Incorrect results returned from Rows.Scan in database/sql

Summary

Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.

Severity ?

7 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

CWE

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Assigner

References

URL

Tags

	https://go.dev/cl/693735
	https://go.dev/issue/74831
	https://groups.google.com/g/golang-announce/c/x5M…
	https://pkg.go.dev/vuln/GO-2025-3849

Impacted products

	Vendor	Product	Version
	Go standard library	database/sql	Affected: 0 , < 1.23.12 (semver) Affected: 1.24.0 , < 1.24.6 (semver)

Credits

Spike Curtis from Coder

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 7,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-47907",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-07T15:45:26.297503Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-07T15:48:03.634Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T21:10:56.083Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/08/06/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "database/sql",
          "product": "database/sql",
          "programRoutines": [
            {
              "name": "Rows.Scan"
            },
            {
              "name": "Row.Scan"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.23.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.24.6",
              "status": "affected",
              "version": "1.24.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Spike Curtis from Coder"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-07T15:25:30.704Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/693735"
        },
        {
          "url": "https://go.dev/issue/74831"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2025-3849"
        }
      ],
      "title": "Incorrect results returned from Rows.Scan in database/sql"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-47907",
    "datePublished": "2025-08-07T15:25:30.704Z",
    "dateReserved": "2025-05-13T23:31:29.597Z",
    "dateUpdated": "2025-11-04T21:10:56.083Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-58183 (GCVE-0-2025-58183)

Vulnerability from cvelistv5 – Published: 2025-10-29 22:10 – Updated: 2025-11-04 21:13

Title

Unbounded allocation when parsing GNU sparse map in archive/tar

Summary

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.

Severity ?

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

References

URL

Tags

	https://go.dev/cl/709861
	https://go.dev/issue/75677
	https://groups.google.com/g/golang-announce/c/4Em…
	https://pkg.go.dev/vuln/GO-2025-4014

Impacted products

	Vendor	Product	Version
	Go standard library	archive/tar	Affected: 0 , < 1.24.8 (semver) Affected: 1.25.0 , < 1.25.2 (semver)

Credits

Harshit Gupta (Mr HAX)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 4.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-58183",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-30T14:22:41.219110Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:56:37.377Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T21:13:32.834Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/10/08/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "archive/tar",
          "product": "archive/tar",
          "programRoutines": [
            {
              "name": "readGNUSparseMap1x0"
            },
            {
              "name": "Reader.Next"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.24.8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.25.2",
              "status": "affected",
              "version": "1.25.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Harshit Gupta (Mr HAX)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-29T22:10:14.376Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/709861"
        },
        {
          "url": "https://go.dev/issue/75677"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2025-4014"
        }
      ],
      "title": "Unbounded allocation when parsing GNU sparse map in archive/tar"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-58183",
    "datePublished": "2025-10-29T22:10:14.376Z",
    "dateReserved": "2025-08-27T14:50:58.691Z",
    "dateUpdated": "2025-11-04T21:13:32.834Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-59343 (GCVE-0-2025-59343)

Vulnerability from cvelistv5 – Published: 2025-09-24 17:43 – Updated: 2025-11-03 18:13

Title

tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball

Summary

tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A workaround involves using the ignore option on non files/directories.

Severity ?

8.7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-61 - UNIX Symbolic Link (Symlink) Following

Assigner

GitHub_M

References

URL

Tags

	https://github.com/mafintosh/tar-fs/security/advi…	x_refsource_CONFIRM
	https://github.com/mafintosh/tar-fs/commit/0bd54c…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	mafintosh	tar-fs	Affected: >= 3.0.0, < 3.1.1 Affected: >= 2.0.0, < 2.1.3 Affected: < 1.16.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59343",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-03T14:49:04.310765Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-03T14:49:06.790Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T18:13:55.412Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00028.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "tar-fs",
          "vendor": "mafintosh",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 3.0.0, \u003c 3.1.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.1.3"
            },
            {
              "status": "affected",
              "version": "\u003c 1.16.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A workaround involves using the ignore option on non files/directories."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-61",
              "description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-24T17:43:34.728Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/mafintosh/tar-fs/security/advisories/GHSA-vj76-c3g6-qr5v",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/mafintosh/tar-fs/security/advisories/GHSA-vj76-c3g6-qr5v"
        },
        {
          "name": "https://github.com/mafintosh/tar-fs/commit/0bd54cdf06da2b7b5b95cd4b062c9f4e0a8c4e09",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mafintosh/tar-fs/commit/0bd54cdf06da2b7b5b95cd4b062c9f4e0a8c4e09"
        }
      ],
      "source": {
        "advisory": "GHSA-vj76-c3g6-qr5v",
        "discovery": "UNKNOWN"
      },
      "title": "tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-59343",
    "datePublished": "2025-09-24T17:43:34.728Z",
    "dateReserved": "2025-09-12T12:36:24.636Z",
    "dateUpdated": "2025-11-03T18:13:55.412Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-57810 (GCVE-0-2025-57810)

Vulnerability from cvelistv5 – Published: 2025-08-26 15:37 – Updated: 2025-08-26 15:58

Title

jsPDF Parsing of Corrupt PNGs Leads to Potential Denial of Service (DoS)

Summary

jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of service. The vulnerability was fixed in jsPDF 3.0.2.

Severity ?

8.7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CWE

CWE-20 - Improper Input Validation
CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

GitHub_M

References

URL

Tags

	https://github.com/parallax/jsPDF/security/adviso…	x_refsource_CONFIRM
	https://github.com/parallax/jsPDF/pull/3880	x_refsource_MISC
	https://github.com/parallax/jsPDF/commit/4cf3ab61…	x_refsource_MISC
	https://github.com/parallax/jsPDF/releases/tag/v3.0.2	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	parallax	jsPDF	Affected: < 3.0.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-57810",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-26T15:58:22.222216Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-26T15:58:25.184Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "jsPDF",
          "vendor": "parallax",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.0.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of service. The vulnerability was fixed in jsPDF 3.0.2."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-26T15:37:28.071Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw"
        },
        {
          "name": "https://github.com/parallax/jsPDF/pull/3880",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/parallax/jsPDF/pull/3880"
        },
        {
          "name": "https://github.com/parallax/jsPDF/commit/4cf3ab619e565d9b88b4b130bff901b91d8688e9",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/parallax/jsPDF/commit/4cf3ab619e565d9b88b4b130bff901b91d8688e9"
        },
        {
          "name": "https://github.com/parallax/jsPDF/releases/tag/v3.0.2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/parallax/jsPDF/releases/tag/v3.0.2"
        }
      ],
      "source": {
        "advisory": "GHSA-8mvj-3j78-4qmw",
        "discovery": "UNKNOWN"
      },
      "title": "jsPDF Parsing of Corrupt PNGs Leads to Potential Denial of Service (DoS)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-57810",
    "datePublished": "2025-08-26T15:37:28.071Z",
    "dateReserved": "2025-08-20T14:30:35.010Z",
    "dateUpdated": "2025-08-26T15:58:25.184Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-61729 (GCVE-0-2025-61729)

Vulnerability from cvelistv5 – Published: 2025-12-02 18:54 – Updated: 2025-12-03 19:37

Title

Excessive resource consumption when printing error string for host certificate validation in crypto/x509

Summary

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

References

URL

Tags

	https://go.dev/cl/725920
	https://go.dev/issue/76445
	https://groups.google.com/g/golang-announce/c/8FJ…
	https://pkg.go.dev/vuln/GO-2025-4155

Impacted products

	Vendor	Product	Version
	Go standard library	crypto/x509	Affected: 0 , < 1.24.11 (semver) Affected: 1.25.0 , < 1.25.5 (semver)

Credits

Philippe Antoine (Catena cyber)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-61729",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-02T21:52:36.341575Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-02T21:52:58.224Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "crypto/x509",
          "product": "crypto/x509",
          "programRoutines": [
            {
              "name": "Certificate.VerifyHostname"
            },
            {
              "name": "Certificate.Verify"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.24.11",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.25.5",
              "status": "affected",
              "version": "1.25.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Philippe Antoine (Catena cyber)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-03T19:37:14.903Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/725920"
        },
        {
          "url": "https://go.dev/issue/76445"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2025-4155"
        }
      ],
      "title": "Excessive resource consumption when printing error string for host certificate validation in crypto/x509"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-61729",
    "datePublished": "2025-12-02T18:54:10.166Z",
    "dateReserved": "2025-09-30T15:05:03.605Z",
    "dateUpdated": "2025-12-03T19:37:14.903Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-68121 (GCVE-0-2025-68121)

Vulnerability from cvelistv5 – Published: 2026-02-05 17:48 – Updated: 2026-02-20 16:05

Title

Unexpected session resumption in crypto/tls

Summary

Severity ?

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-295 - Improper Certificate Validation

Assigner

References

URL

Tags

	https://groups.google.com/g/golang-announce/c/K09…
	https://go.dev/cl/737700
	https://go.dev/issue/77217
	https://pkg.go.dev/vuln/GO-2026-4337

Impacted products

	Vendor	Product	Version
	Go standard library	crypto/tls	Affected: 0 , < 1.24.13 (semver) Affected: 1.25.0-0 , < 1.25.7 (semver) Affected: 1.26.0-rc.1 , < 1.26.0-rc.3 (semver)

Credits

Coia Prant (github.com/rbqvq) Go Security Team

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.4,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-68121",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-20T16:05:03.924102Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-295",
                "description": "CWE-295 Improper Certificate Validation",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-20T16:05:07.679Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "crypto/tls",
          "product": "crypto/tls",
          "programRoutines": [
            {
              "name": "Conn.handshakeContext"
            },
            {
              "name": "Conn.Handshake"
            },
            {
              "name": "Conn.HandshakeContext"
            },
            {
              "name": "Conn.Read"
            },
            {
              "name": "Conn.Write"
            },
            {
              "name": "Dial"
            },
            {
              "name": "DialWithDialer"
            },
            {
              "name": "Dialer.Dial"
            },
            {
              "name": "Dialer.DialContext"
            },
            {
              "name": "QUICConn.Start"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.24.13",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.25.7",
              "status": "affected",
              "version": "1.25.0-0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.26.0-rc.3",
              "status": "affected",
              "version": "1.26.0-rc.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Coia Prant (github.com/rbqvq)"
        },
        {
          "lang": "en",
          "value": "Go Security Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-295: Improper Certificate Validation",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-05T17:48:44.141Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
        },
        {
          "url": "https://go.dev/cl/737700"
        },
        {
          "url": "https://go.dev/issue/77217"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-4337"
        }
      ],
      "title": "Unexpected session resumption in crypto/tls"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-68121",
    "datePublished": "2026-02-05T17:48:44.141Z",
    "dateReserved": "2025-12-15T16:48:04.451Z",
    "dateUpdated": "2026-02-20T16:05:07.679Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-61728 (GCVE-0-2025-61728)

Vulnerability from cvelistv5 – Published: 2026-01-28 19:30 – Updated: 2026-01-29 18:30

Title

Excessive CPU consumption when building archive index in archive/zip

Summary

archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE

CWE-407 - Inefficient Algorithmic Complexity

Assigner

References

URL

Tags

	https://go.dev/cl/736713
	https://go.dev/issue/77102
	https://groups.google.com/g/golang-announce/c/Vd2…
	https://pkg.go.dev/vuln/GO-2026-4342

Impacted products

	Vendor	Product	Version
	Go standard library	archive/zip	Affected: 0 , < 1.24.12 (semver) Affected: 1.25.0 , < 1.25.6 (semver)

Credits

Jakub Ciolek

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-01-28T20:08:22.055Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/01/15/4"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-61728",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-29T18:29:58.068724Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-29T18:30:24.487Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "archive/zip",
          "product": "archive/zip",
          "programRoutines": [
            {
              "name": "Reader.initFileList"
            },
            {
              "name": "Reader.Open"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.24.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.25.6",
              "status": "affected",
              "version": "1.25.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Jakub Ciolek"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-407: Inefficient Algorithmic Complexity",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-28T19:30:31.354Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/736713"
        },
        {
          "url": "https://go.dev/issue/77102"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-4342"
        }
      ],
      "title": "Excessive CPU consumption when building archive index in archive/zip"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-61728",
    "datePublished": "2026-01-28T19:30:31.354Z",
    "dateReserved": "2025-09-30T15:05:03.605Z",
    "dateUpdated": "2026-01-29T18:30:24.487Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-27571 (GCVE-0-2026-27571)

Vulnerability from cvelistv5 – Published: 2026-02-24 15:59 – Updated: 2026-02-26 21:33

Title

nats-server websockets are vulnerable to pre-auth memory DoS

Summary

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The WebSockets handling of NATS messages handles compressed messages via the WebSockets negotiated compression. Prior to versions 2.11.2 and 2.12.3, the implementation bound the memory size of a NATS message but did not independently bound the memory consumption of the memory stream when constructing a NATS message which might then fail validation for size reasons. An attacker can use a compression bomb to cause excessive memory consumption, often resulting in the operating system terminating the server process. The use of compression is negotiated before authentication, so this does not require valid NATS credentials to exploit. The fix, present in versions 2.11.2 and 2.12.3, was to bounds the decompression to fail once the message was too large, instead of continuing on. The vulnerability only affects deployments which use WebSockets and which expose the network port to untrusted end-points.

Severity ?

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)
CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

GitHub_M

References

URL

Tags

	https://github.com/nats-io/nats-server/security/a…	x_refsource_CONFIRM
	https://github.com/nats-io/nats-server/commit/f77…	x_refsource_MISC
	https://github.com/nats-io/nats-server/releases/t…	x_refsource_MISC
	https://github.com/nats-io/nats-server/releases/t…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	nats-io	nats-server	Affected: < 2.11.12 Affected: >= 2.12.0-RC.1, < 2.12.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-27571",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-26T21:06:37.631926Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T21:33:40.372Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "nats-server",
          "vendor": "nats-io",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.11.12"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.12.0-RC.1, \u003c 2.12.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The WebSockets handling of NATS messages handles compressed messages via the WebSockets negotiated compression. Prior to versions 2.11.2 and 2.12.3, the implementation bound the memory size of a NATS message but did not independently bound the memory consumption of the memory stream when constructing a NATS message which might then fail validation for size reasons. An attacker can use a compression bomb to cause excessive memory consumption, often resulting in the operating system terminating the server process. The use of compression is negotiated before authentication, so this does not require valid NATS credentials to exploit. The fix, present in versions 2.11.2 and 2.12.3, was to bounds the decompression to fail once the message was too large, instead of continuing on. The vulnerability only affects deployments which use WebSockets and which expose the network port to untrusted end-points."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-409",
              "description": "CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-24T15:59:17.926Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nats-io/nats-server/security/advisories/GHSA-qrvq-68c2-7grw",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-qrvq-68c2-7grw"
        },
        {
          "name": "https://github.com/nats-io/nats-server/commit/f77fb7c4535e6727cc1a2899cd8e6bbdd8ba2017",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nats-io/nats-server/commit/f77fb7c4535e6727cc1a2899cd8e6bbdd8ba2017"
        },
        {
          "name": "https://github.com/nats-io/nats-server/releases/tag/v2.11.12",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nats-io/nats-server/releases/tag/v2.11.12"
        },
        {
          "name": "https://github.com/nats-io/nats-server/releases/tag/v2.12.3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nats-io/nats-server/releases/tag/v2.12.3"
        }
      ],
      "source": {
        "advisory": "GHSA-qrvq-68c2-7grw",
        "discovery": "UNKNOWN"
      },
      "title": "nats-server websockets are vulnerable to pre-auth memory DoS"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-27571",
    "datePublished": "2026-02-24T15:59:17.926Z",
    "dateReserved": "2026-02-20T17:40:28.448Z",
    "dateUpdated": "2026-02-26T21:33:40.372Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-61726 (GCVE-0-2025-61726)

Vulnerability from cvelistv5 – Published: 2026-01-28 19:30 – Updated: 2026-01-29 18:31

Title

Memory exhaustion in query parameter parsing in net/url

Summary

The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

References

URL

Tags

	https://go.dev/cl/736712
	https://go.dev/issue/77101
	https://groups.google.com/g/golang-announce/c/Vd2…
	https://pkg.go.dev/vuln/GO-2026-4341

Impacted products

	Vendor	Product	Version
	Go standard library	net/url	Affected: 0 , < 1.24.12 (semver) Affected: 1.25.0 , < 1.25.6 (semver)

Credits

jub0bs

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-61726",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-29T18:31:39.150633Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-29T18:31:59.685Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "net/url",
          "product": "net/url",
          "programRoutines": [
            {
              "name": "parseQuery"
            },
            {
              "name": "ParseQuery"
            },
            {
              "name": "URL.Query"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.24.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.25.6",
              "status": "affected",
              "version": "1.25.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "jub0bs"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-28T19:30:31.215Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/736712"
        },
        {
          "url": "https://go.dev/issue/77101"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-4341"
        }
      ],
      "title": "Memory exhaustion in query parameter parsing in net/url"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-61726",
    "datePublished": "2026-01-28T19:30:31.215Z",
    "dateReserved": "2025-09-30T15:05:03.605Z",
    "dateUpdated": "2026-01-29T18:31:59.685Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-58754 (GCVE-0-2025-58754)

Vulnerability from cvelistv5 – Published: 2025-09-12 01:16 – Updated: 2026-01-16 14:50

Title

Axios is vulnerable to DoS attack through lack of data size check

Summary

Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response. This path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested `responseType: 'stream'`. Versions 0.30.2 and 1.12.0 contain a patch for the issue.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

GitHub_M

References

URL

Tags

	https://github.com/axios/axios/security/advisorie…	x_refsource_CONFIRM
	https://github.com/axios/axios/pull/7011	x_refsource_MISC
	https://github.com/axios/axios/pull/7034	x_refsource_MISC
	https://github.com/axios/axios/commit/945435fc514…	x_refsource_MISC
	https://github.com/axios/axios/commit/a1b1d3f073a…	x_refsource_MISC
	https://github.com/axios/axios/commit/c30252f685e…	x_refsource_MISC
	https://github.com/axios/axios/releases/tag/v0.30.2	x_refsource_MISC
	https://github.com/axios/axios/releases/tag/v1.12.0	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	axios	axios	Affected: >= 1.0.0, < 1.12.0 Affected: >= 0.28.0, < 0.30.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-58754",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-12T13:08:38.895896Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-12T13:08:42.426Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "axios",
          "vendor": "axios",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.0.0, \u003c 1.12.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 0.28.0, \u003c 0.30.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response. This path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested `responseType: \u0027stream\u0027`. Versions 0.30.2 and 1.12.0 contain a patch for the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-16T14:50:09.107Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj"
        },
        {
          "name": "https://github.com/axios/axios/pull/7011",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/axios/axios/pull/7011"
        },
        {
          "name": "https://github.com/axios/axios/pull/7034",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/axios/axios/pull/7034"
        },
        {
          "name": "https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593"
        },
        {
          "name": "https://github.com/axios/axios/commit/a1b1d3f073a988601583a604f5f9f5d05a3d0b67",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/axios/axios/commit/a1b1d3f073a988601583a604f5f9f5d05a3d0b67"
        },
        {
          "name": "https://github.com/axios/axios/commit/c30252f685e8f4326722de84923fcbc8cf557f06",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/axios/axios/commit/c30252f685e8f4326722de84923fcbc8cf557f06"
        },
        {
          "name": "https://github.com/axios/axios/releases/tag/v0.30.2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/axios/axios/releases/tag/v0.30.2"
        },
        {
          "name": "https://github.com/axios/axios/releases/tag/v1.12.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/axios/axios/releases/tag/v1.12.0"
        }
      ],
      "source": {
        "advisory": "GHSA-4hjh-wcwx-xvwj",
        "discovery": "UNKNOWN"
      },
      "title": "Axios is vulnerable to DoS attack through lack of data size check"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-58754",
    "datePublished": "2025-09-12T01:16:40.513Z",
    "dateReserved": "2025-09-04T19:18:09.499Z",
    "dateUpdated": "2026-01-16T14:50:09.107Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2026:6226

CVE-2025-47907 (GCVE-0-2025-47907)

CVE-2025-58183 (GCVE-0-2025-58183)

CVE-2025-59343 (GCVE-0-2025-59343)

CVE-2025-57810 (GCVE-0-2025-57810)

CVE-2025-61729 (GCVE-0-2025-61729)

CVE-2025-68121 (GCVE-0-2025-68121)

CVE-2025-61728 (GCVE-0-2025-61728)

CVE-2026-27571 (GCVE-0-2026-27571)

CVE-2025-61726 (GCVE-0-2025-61726)

CVE-2025-58754 (GCVE-0-2025-58754)

Tags

Sightings

Nomenclature