RHSA-2026:9052

Vulnerability from csaf_redhat - Published: 2026-04-20 14:01 - Updated: 2026-04-23 06:09
Summary
Red Hat Security Advisory: Red Hat Lightspeed (formerly Insights) for Runtimes security update
Severity
Important
Notes
Topic: An update is now available for Red Hat Lightspeed (formerly Insights) for Runtimes on RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: An update is now available for Red Hat Lightspeed (formerly Insights) for Runtimes on RHEL 9.
Security fix(es):
* crypto/x509: Incorrect enforcement of email constraints in crypto/x509 (CVE-2026-27137)
* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.

CWE-1286 - Improper Validation of Syntactic Correctness of Input
Vendor Fix: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:9052
Workaround: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.

CWE-295 - Improper Certificate Validation
Vendor Fix: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:9052
Workaround: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat Lightspeed (formerly Insights) for Runtimes on RHEL 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "An update is now available for Red Hat Lightspeed (formerly Insights) for Runtimes on RHEL 9.\n\nSecurity fix(es):\n\n* crypto/x509: Incorrect enforcement of email constraints in crypto/x509 (CVE-2026-27137)\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:9052",
        "url": "https://access.redhat.com/errata/RHSA-2026:9052"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
        "url": "https://access.redhat.com/security/cve/CVE-2026-25679"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-27137",
        "url": "https://access.redhat.com/security/cve/CVE-2026-27137"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_9052.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Lightspeed (formerly Insights) for Runtimes security update",
    "tracking": {
      "current_release_date": "2026-04-23T06:09:25+00:00",
      "generator": {
        "date": "2026-04-23T06:09:25+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.5"
        }
      },
      "id": "RHSA-2026:9052",
      "initial_release_date": "2026-04-20T14:01:31+00:00",
      "revision_history": [
        {
          "date": "2026-04-20T14:01:31+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-04-20T14:01:38+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-23T06:09:25+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Lightspeed (formerly Insights) for Runtimes 1",
                "product": {
                  "name": "Red Hat Lightspeed (formerly Insights) for Runtimes 1",
                  "product_id": "Red Hat Lightspeed (formerly Insights) for Runtimes 1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:lightspeed_for_runtimes:1.0::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Lightspeed (formerly Insights) for Runtimes"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:37405eb98fc40f9b04ce0a5bdc37bd3941c1f3a3eee2c7a5195e0ccfd561364e_amd64",
                "product": {
                  "name": "registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:37405eb98fc40f9b04ce0a5bdc37bd3941c1f3a3eee2c7a5195e0ccfd561364e_amd64",
                  "product_id": "registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:37405eb98fc40f9b04ce0a5bdc37bd3941c1f3a3eee2c7a5195e0ccfd561364e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/runtimes-inventory-rhel9-operator@sha256%3A37405eb98fc40f9b04ce0a5bdc37bd3941c1f3a3eee2c7a5195e0ccfd561364e?arch=amd64\u0026repository_url=registry.redhat.io/rh-lightspeed-runtimes\u0026tag=1.0.2-1776288486"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-operator-bundle@sha256:e4f8aee3f5516d88ba4125cef4c162e19c87ae1654c46069c59a0b26aec172bb_amd64",
                "product": {
                  "name": "registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-operator-bundle@sha256:e4f8aee3f5516d88ba4125cef4c162e19c87ae1654c46069c59a0b26aec172bb_amd64",
                  "product_id": "registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-operator-bundle@sha256:e4f8aee3f5516d88ba4125cef4c162e19c87ae1654c46069c59a0b26aec172bb_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/runtimes-inventory-operator-bundle@sha256%3Ae4f8aee3f5516d88ba4125cef4c162e19c87ae1654c46069c59a0b26aec172bb?arch=amd64\u0026repository_url=registry.redhat.io/rh-lightspeed-runtimes\u0026tag=1.0.2-1776372510"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:d71235e8467fad21686023bc3b843222cd40b5b44de614d28592b6ffb4b7d4b6_arm64",
                "product": {
                  "name": "registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:d71235e8467fad21686023bc3b843222cd40b5b44de614d28592b6ffb4b7d4b6_arm64",
                  "product_id": "registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:d71235e8467fad21686023bc3b843222cd40b5b44de614d28592b6ffb4b7d4b6_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/runtimes-inventory-rhel9-operator@sha256%3Ad71235e8467fad21686023bc3b843222cd40b5b44de614d28592b6ffb4b7d4b6?arch=arm64\u0026repository_url=registry.redhat.io/rh-lightspeed-runtimes\u0026tag=1.0.2-1776288486"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:7058c6cb9f9feb524dd8ae915fa266540a1c3ff05a8bc90f558a16ee99891799_ppc64le",
                "product": {
                  "name": "registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:7058c6cb9f9feb524dd8ae915fa266540a1c3ff05a8bc90f558a16ee99891799_ppc64le",
                  "product_id": "registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:7058c6cb9f9feb524dd8ae915fa266540a1c3ff05a8bc90f558a16ee99891799_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/runtimes-inventory-rhel9-operator@sha256%3A7058c6cb9f9feb524dd8ae915fa266540a1c3ff05a8bc90f558a16ee99891799?arch=ppc64le\u0026repository_url=registry.redhat.io/rh-lightspeed-runtimes\u0026tag=1.0.2-1776288486"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:e65ed233ea4b24fc1bbdd82e7719e797067fa53ea99ba0c3b9aa50e2ca8dc2b6_s390x",
                "product": {
                  "name": "registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:e65ed233ea4b24fc1bbdd82e7719e797067fa53ea99ba0c3b9aa50e2ca8dc2b6_s390x",
                  "product_id": "registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:e65ed233ea4b24fc1bbdd82e7719e797067fa53ea99ba0c3b9aa50e2ca8dc2b6_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/runtimes-inventory-rhel9-operator@sha256%3Ae65ed233ea4b24fc1bbdd82e7719e797067fa53ea99ba0c3b9aa50e2ca8dc2b6?arch=s390x\u0026repository_url=registry.redhat.io/rh-lightspeed-runtimes\u0026tag=1.0.2-1776288486"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-operator-bundle@sha256:e4f8aee3f5516d88ba4125cef4c162e19c87ae1654c46069c59a0b26aec172bb_amd64 as a component of Red Hat Lightspeed (formerly Insights) for Runtimes 1",
          "product_id": "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-operator-bundle@sha256:e4f8aee3f5516d88ba4125cef4c162e19c87ae1654c46069c59a0b26aec172bb_amd64"
        },
        "product_reference": "registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-operator-bundle@sha256:e4f8aee3f5516d88ba4125cef4c162e19c87ae1654c46069c59a0b26aec172bb_amd64",
        "relates_to_product_reference": "Red Hat Lightspeed (formerly Insights) for Runtimes 1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:37405eb98fc40f9b04ce0a5bdc37bd3941c1f3a3eee2c7a5195e0ccfd561364e_amd64 as a component of Red Hat Lightspeed (formerly Insights) for Runtimes 1",
          "product_id": "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:37405eb98fc40f9b04ce0a5bdc37bd3941c1f3a3eee2c7a5195e0ccfd561364e_amd64"
        },
        "product_reference": "registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:37405eb98fc40f9b04ce0a5bdc37bd3941c1f3a3eee2c7a5195e0ccfd561364e_amd64",
        "relates_to_product_reference": "Red Hat Lightspeed (formerly Insights) for Runtimes 1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:7058c6cb9f9feb524dd8ae915fa266540a1c3ff05a8bc90f558a16ee99891799_ppc64le as a component of Red Hat Lightspeed (formerly Insights) for Runtimes 1",
          "product_id": "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:7058c6cb9f9feb524dd8ae915fa266540a1c3ff05a8bc90f558a16ee99891799_ppc64le"
        },
        "product_reference": "registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:7058c6cb9f9feb524dd8ae915fa266540a1c3ff05a8bc90f558a16ee99891799_ppc64le",
        "relates_to_product_reference": "Red Hat Lightspeed (formerly Insights) for Runtimes 1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:d71235e8467fad21686023bc3b843222cd40b5b44de614d28592b6ffb4b7d4b6_arm64 as a component of Red Hat Lightspeed (formerly Insights) for Runtimes 1",
          "product_id": "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:d71235e8467fad21686023bc3b843222cd40b5b44de614d28592b6ffb4b7d4b6_arm64"
        },
        "product_reference": "registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:d71235e8467fad21686023bc3b843222cd40b5b44de614d28592b6ffb4b7d4b6_arm64",
        "relates_to_product_reference": "Red Hat Lightspeed (formerly Insights) for Runtimes 1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:e65ed233ea4b24fc1bbdd82e7719e797067fa53ea99ba0c3b9aa50e2ca8dc2b6_s390x as a component of Red Hat Lightspeed (formerly Insights) for Runtimes 1",
          "product_id": "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:e65ed233ea4b24fc1bbdd82e7719e797067fa53ea99ba0c3b9aa50e2ca8dc2b6_s390x"
        },
        "product_reference": "registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:e65ed233ea4b24fc1bbdd82e7719e797067fa53ea99ba0c3b9aa50e2ca8dc2b6_s390x",
        "relates_to_product_reference": "Red Hat Lightspeed (formerly Insights) for Runtimes 1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-25679",
      "cwe": {
        "id": "CWE-1286",
        "name": "Improper Validation of Syntactic Correctness of Input"
      },
      "discovery_date": "2026-03-06T22:02:11.567841+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-operator-bundle@sha256:e4f8aee3f5516d88ba4125cef4c162e19c87ae1654c46069c59a0b26aec172bb_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2445356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:37405eb98fc40f9b04ce0a5bdc37bd3941c1f3a3eee2c7a5195e0ccfd561364e_amd64",
          "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:7058c6cb9f9feb524dd8ae915fa266540a1c3ff05a8bc90f558a16ee99891799_ppc64le",
          "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:d71235e8467fad21686023bc3b843222cd40b5b44de614d28592b6ffb4b7d4b6_arm64",
          "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:e65ed233ea4b24fc1bbdd82e7719e797067fa53ea99ba0c3b9aa50e2ca8dc2b6_s390x"
        ],
        "known_not_affected": [
          "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-operator-bundle@sha256:e4f8aee3f5516d88ba4125cef4c162e19c87ae1654c46069c59a0b26aec172bb_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-25679"
        },
        {
          "category": "external",
          "summary": "RHBZ#2445356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/752180",
          "url": "https://go.dev/cl/752180"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/77578",
          "url": "https://go.dev/issue/77578"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
          "url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2026-4601",
          "url": "https://pkg.go.dev/vuln/GO-2026-4601"
        }
      ],
      "release_date": "2026-03-06T21:28:14.211000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-20T14:01:31+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:37405eb98fc40f9b04ce0a5bdc37bd3941c1f3a3eee2c7a5195e0ccfd561364e_amd64",
            "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:7058c6cb9f9feb524dd8ae915fa266540a1c3ff05a8bc90f558a16ee99891799_ppc64le",
            "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:d71235e8467fad21686023bc3b843222cd40b5b44de614d28592b6ffb4b7d4b6_arm64",
            "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:e65ed233ea4b24fc1bbdd82e7719e797067fa53ea99ba0c3b9aa50e2ca8dc2b6_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:9052"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-operator-bundle@sha256:e4f8aee3f5516d88ba4125cef4c162e19c87ae1654c46069c59a0b26aec172bb_amd64",
            "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:37405eb98fc40f9b04ce0a5bdc37bd3941c1f3a3eee2c7a5195e0ccfd561364e_amd64",
            "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:7058c6cb9f9feb524dd8ae915fa266540a1c3ff05a8bc90f558a16ee99891799_ppc64le",
            "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:d71235e8467fad21686023bc3b843222cd40b5b44de614d28592b6ffb4b7d4b6_arm64",
            "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:e65ed233ea4b24fc1bbdd82e7719e797067fa53ea99ba0c3b9aa50e2ca8dc2b6_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-operator-bundle@sha256:e4f8aee3f5516d88ba4125cef4c162e19c87ae1654c46069c59a0b26aec172bb_amd64",
            "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:37405eb98fc40f9b04ce0a5bdc37bd3941c1f3a3eee2c7a5195e0ccfd561364e_amd64",
            "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:7058c6cb9f9feb524dd8ae915fa266540a1c3ff05a8bc90f558a16ee99891799_ppc64le",
            "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:d71235e8467fad21686023bc3b843222cd40b5b44de614d28592b6ffb4b7d4b6_arm64",
            "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:e65ed233ea4b24fc1bbdd82e7719e797067fa53ea99ba0c3b9aa50e2ca8dc2b6_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
    },
    {
      "cve": "CVE-2026-27137",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "discovery_date": "2026-03-06T22:01:38.859733+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-operator-bundle@sha256:e4f8aee3f5516d88ba4125cef4c162e19c87ae1654c46069c59a0b26aec172bb_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2445345"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:37405eb98fc40f9b04ce0a5bdc37bd3941c1f3a3eee2c7a5195e0ccfd561364e_amd64",
          "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:7058c6cb9f9feb524dd8ae915fa266540a1c3ff05a8bc90f558a16ee99891799_ppc64le",
          "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:d71235e8467fad21686023bc3b843222cd40b5b44de614d28592b6ffb4b7d4b6_arm64",
          "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:e65ed233ea4b24fc1bbdd82e7719e797067fa53ea99ba0c3b9aa50e2ca8dc2b6_s390x"
        ],
        "known_not_affected": [
          "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-operator-bundle@sha256:e4f8aee3f5516d88ba4125cef4c162e19c87ae1654c46069c59a0b26aec172bb_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-27137"
        },
        {
          "category": "external",
          "summary": "RHBZ#2445345",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-27137",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27137"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/752182",
          "url": "https://go.dev/cl/752182"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/77952",
          "url": "https://go.dev/issue/77952"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
          "url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2026-4599",
          "url": "https://pkg.go.dev/vuln/GO-2026-4599"
        }
      ],
      "release_date": "2026-03-06T21:28:13.748000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-20T14:01:31+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:37405eb98fc40f9b04ce0a5bdc37bd3941c1f3a3eee2c7a5195e0ccfd561364e_amd64",
            "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:7058c6cb9f9feb524dd8ae915fa266540a1c3ff05a8bc90f558a16ee99891799_ppc64le",
            "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:d71235e8467fad21686023bc3b843222cd40b5b44de614d28592b6ffb4b7d4b6_arm64",
            "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:e65ed233ea4b24fc1bbdd82e7719e797067fa53ea99ba0c3b9aa50e2ca8dc2b6_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:9052"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-operator-bundle@sha256:e4f8aee3f5516d88ba4125cef4c162e19c87ae1654c46069c59a0b26aec172bb_amd64",
            "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:37405eb98fc40f9b04ce0a5bdc37bd3941c1f3a3eee2c7a5195e0ccfd561364e_amd64",
            "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:7058c6cb9f9feb524dd8ae915fa266540a1c3ff05a8bc90f558a16ee99891799_ppc64le",
            "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:d71235e8467fad21686023bc3b843222cd40b5b44de614d28592b6ffb4b7d4b6_arm64",
            "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:e65ed233ea4b24fc1bbdd82e7719e797067fa53ea99ba0c3b9aa50e2ca8dc2b6_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-operator-bundle@sha256:e4f8aee3f5516d88ba4125cef4c162e19c87ae1654c46069c59a0b26aec172bb_amd64",
            "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:37405eb98fc40f9b04ce0a5bdc37bd3941c1f3a3eee2c7a5195e0ccfd561364e_amd64",
            "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:7058c6cb9f9feb524dd8ae915fa266540a1c3ff05a8bc90f558a16ee99891799_ppc64le",
            "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:d71235e8467fad21686023bc3b843222cd40b5b44de614d28592b6ffb4b7d4b6_arm64",
            "Red Hat Lightspeed (formerly Insights) for Runtimes 1:registry.redhat.io/rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator@sha256:e65ed233ea4b24fc1bbdd82e7719e797067fa53ea99ba0c3b9aa50e2ca8dc2b6_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509"
    }
  ]
}

