Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-46595

Summary
Assigner-Go
Assigner Org ID-1bb62c36-49e3-4200-9d77-64a1400537cc
Published At-22 May, 2026 | 02:31
Updated At-17 Jul, 2026 | 12:04
Rejected At-
Credits

Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh

Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Go
Assigner Org ID:1bb62c36-49e3-4200-9d77-64a1400537cc
Published At:22 May, 2026 | 02:31
Updated At:17 Jul, 2026 | 12:04
Rejected At:
â–¼CVE Numbering Authority (CNA)
Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh

Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.

Affected Products
Vendor
golang.org/x/crypto
Product
golang.org/x/crypto/ssh
Collection URL
https://pkg.go.dev
Package Name
golang.org/x/crypto/ssh
Program Routines
  • connection.serverAuthenticate
  • NewServerConn
Default Status
unaffected
Versions
Affected
  • From 0 before 0.52.0 (semver)
Problem Types
TypeCWE IDDescription
N/AN/ACWE-863: Incorrect Authorization
Type: N/A
CWE ID: N/A
Description: CWE-863: Incorrect Authorization
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://go.dev/issue/79570
N/A
https://groups.google.com/g/golang-announce/c/a082jnz-LvI
N/A
https://go.dev/cl/781642
N/A
https://pkg.go.dev/vuln/GO-2026-5023
N/A
Hyperlink: https://go.dev/issue/79570
Resource: N/A
Hyperlink: https://groups.google.com/g/golang-announce/c/a082jnz-LvI
Resource: N/A
Hyperlink: https://go.dev/cl/781642
Resource: N/A
Hyperlink: https://pkg.go.dev/vuln/GO-2026-5023
Resource: N/A
â–¼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-863CWE-863 Incorrect Authorization
Type: CWE
CWE ID: CWE-863
Description: CWE-863 Incorrect Authorization
Metrics
VersionBase scoreBase severityVector
3.110.0CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
Version: 3.1
Base score: 10.0
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
2. golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation

A flaw was found in golang.org/x/crypto/ssh. Source-address validation can be skipped when an SSH server configuration uses an authentication callback type other than public key, allowing authorization bypass in misconfigured servers. This is a follow-on to incomplete coverage from the CVE-2024-45337 fix.

Affected Products
Vendor
Red Hat, Inc.Red Hat
Product
RHEM 1.0 for RHEL 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
flightctl
CPEs
  • cpe:/a:redhat:edge_manager:1.0::el9
Default Status
affected
Versions
Unaffected
  • From 0:1.0.3-1.el9em before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
RHEM 1.1 for RHEL 10
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
flightctl
CPEs
  • cpe:/a:redhat:edge_manager:1.1::el10
Default Status
affected
Versions
Unaffected
  • From 0:1.1.3-1.el10em before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
RHEM 1.1 for RHEL 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
flightctl
CPEs
  • cpe:/a:redhat:edge_manager:1.1:el9
Default Status
affected
Versions
Unaffected
  • From 0:1.1.3-1.el9em before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
DevWorkspace Operator 0.42
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
devworkspace/devworkspace-rhel9-operator
CPEs
  • cpe:/a:redhat:devworkspace:0.42::el9
Default Status
affected
Versions
Unaffected
  • From 1782401674 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
multicluster engine for Kubernetes 2.8
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
multicluster-engine/addon-manager-rhel9
CPEs
  • cpe:/a:redhat:multicluster_engine:2.8::el9
Default Status
affected
Versions
Unaffected
  • From 1782160196 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
multicluster engine for Kubernetes 2.8
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
multicluster-engine/kube-rbac-proxy-mce-rhel9
CPEs
  • cpe:/a:redhat:multicluster_engine:2.8::el9
Default Status
affected
Versions
Unaffected
  • From 1782477094 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
multicluster engine for Kubernetes 2.8
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
multicluster-engine/placement-rhel9
CPEs
  • cpe:/a:redhat:multicluster_engine:2.8::el9
Default Status
affected
Versions
Unaffected
  • From 1782160009 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
multicluster engine for Kubernetes 2.8
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
multicluster-engine/registration-operator-rhel9
CPEs
  • cpe:/a:redhat:multicluster_engine:2.8::el9
Default Status
affected
Versions
Unaffected
  • From 1782160210 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
multicluster engine for Kubernetes 2.8
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
multicluster-engine/registration-rhel9
CPEs
  • cpe:/a:redhat:multicluster_engine:2.8::el9
Default Status
affected
Versions
Unaffected
  • From 1782160541 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
multicluster engine for Kubernetes 2.8
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
multicluster-engine/work-rhel9
CPEs
  • cpe:/a:redhat:multicluster_engine:2.8::el9
Default Status
affected
Versions
Unaffected
  • From 1782159773 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Advanced Cluster Management for Kubernetes 2.13
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
rhacm2/acm-grafana-rhel9
CPEs
  • cpe:/a:redhat:acm:2.13::el9
Default Status
affected
Versions
Unaffected
  • From 1782383730 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Advanced Cluster Management for Kubernetes 2.13
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
rhacm2/kube-rbac-proxy-rhel9
CPEs
  • cpe:/a:redhat:acm:2.13::el9
Default Status
affected
Versions
Unaffected
  • From 1782488873 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Advanced Cluster Management for Kubernetes 2.13
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
rhacm2/multicluster-observability-rhel9-operator
CPEs
  • cpe:/a:redhat:acm:2.13::el9
Default Status
affected
Versions
Unaffected
  • From 1782382711 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Advanced Cluster Security for Kubernetes 4.10
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
advanced-cluster-security/rhacs-main-rhel8
CPEs
  • cpe:/a:redhat:advanced_cluster_security:4.10::el8
Default Status
affected
Versions
Unaffected
  • From 1781686458 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Advanced Cluster Security for Kubernetes 4.11
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
advanced-cluster-security/rhacs-main-rhel9
CPEs
  • cpe:/a:redhat:advanced_cluster_security:4.11::el9
Default Status
affected
Versions
Unaffected
  • From 1783352589 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Advanced Cluster Security for Kubernetes 4.9
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
advanced-cluster-security/rhacs-main-rhel8
CPEs
  • cpe:/a:redhat:advanced_cluster_security:4.9::el8
Default Status
affected
Versions
Unaffected
  • From 1781686446 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Edge Manager 1.0
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
rhem/flightctl-api-rhel9
CPEs
  • cpe:/a:redhat:edge_manager:1.0::el9
Default Status
affected
Versions
Unaffected
  • From 1783502025 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Edge Manager 1.1
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
rhem/flightctl-api-rhel10
CPEs
  • cpe:/a:redhat:edge_manager:1.1::el10
Default Status
affected
Versions
Unaffected
  • From 1784196588 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Edge Manager 1.1
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
rhem/flightctl-api-rhel9
CPEs
  • cpe:/a:redhat:edge_manager:1.1::el9
Default Status
affected
Versions
Unaffected
  • From 1784126780 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux AI 3.4
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
rhelai3/disk-image-cuda-rhel9
CPEs
  • cpe:/a:redhat:enterprise_linux_ai:3.4::el9
Default Status
affected
Versions
Unaffected
  • From 1782804957 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux AI 3.4
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
rhelai3/bootc-aws-cuda-rhel9
CPEs
  • cpe:/a:redhat:enterprise_linux_ai:3.4::el9
Default Status
affected
Versions
Unaffected
  • From 1782758407 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux AI 3.4
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
rhelai3/bootc-azure-cuda-rhel9
CPEs
  • cpe:/a:redhat:enterprise_linux_ai:3.4::el9
Default Status
affected
Versions
Unaffected
  • From 1782758410 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux AI 3.4
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
rhelai3/bootc-azure-rocm-rhel9
CPEs
  • cpe:/a:redhat:enterprise_linux_ai:3.4::el9
Default Status
affected
Versions
Unaffected
  • From 1782754093 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux AI 3.4
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
rhelai3/bootc-cuda-rhel9
CPEs
  • cpe:/a:redhat:enterprise_linux_ai:3.4::el9
Default Status
affected
Versions
Unaffected
  • From 1782744816 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux AI 3.4
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
rhelai3/bootc-gcp-cuda-rhel9
CPEs
  • cpe:/a:redhat:enterprise_linux_ai:3.4::el9
Default Status
affected
Versions
Unaffected
  • From 1782758409 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux AI 3.4
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
rhelai3/bootc-rocm-rhel9
CPEs
  • cpe:/a:redhat:enterprise_linux_ai:3.4::el9
Default Status
affected
Versions
Unaffected
  • From 1782744830 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Hardened Images
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
golang1-25-main
CPEs
  • cpe:/a:redhat:hummingbird:1
Default Status
affected
Versions
Unaffected
  • From 1.25.11-2.hum1 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Hardened Images
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
golang1-26-main
CPEs
  • cpe:/a:redhat:hummingbird:1
Default Status
affected
Versions
Unaffected
  • From 1.26.4-2.hum1 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift AI 3.3
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
rhoai/odh-trainer-rhel9
CPEs
  • cpe:/a:redhat:openshift_ai:3.3::el9
Default Status
affected
Versions
Unaffected
  • From 1782471656 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Builds 1.7.4
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
openshift-builds/openshift-builds-waiters-rhel9
CPEs
  • cpe:/a:redhat:openshift_builds:1.7::el9
Default Status
affected
Versions
Unaffected
  • From 1783057868 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Builds 1.8.1
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
openshift-builds/openshift-builds-rhel9-operator
CPEs
  • cpe:/a:redhat:openshift_builds:1.8::el9
Default Status
affected
Versions
Unaffected
  • From 1784121108 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Builds 1.8.1
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
openshift-builds/openshift-builds-waiters-rhel9
CPEs
  • cpe:/a:redhat:openshift_builds:1.8::el9
Default Status
affected
Versions
Unaffected
  • From 1783612119 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Openshift Data Foundation 4.22
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
odf4/cephcsi-rhel9
CPEs
  • cpe:/a:redhat:openshift_data_foundation:4.22::el9
Default Status
affected
Versions
Unaffected
  • From 1782932114 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Openshift Data Foundation 4.22
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
odf4/cephcsi-rhel9-operator
CPEs
  • cpe:/a:redhat:openshift_data_foundation:4.22::el9
Default Status
affected
Versions
Unaffected
  • From 1782931768 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Openshift Data Foundation 4.22
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
odf4/devicefinder-rhel9
CPEs
  • cpe:/a:redhat:openshift_data_foundation:4.22::el9
Default Status
affected
Versions
Unaffected
  • From 1782932104 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Openshift Data Foundation 4.22
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
odf4/mcg-core-rhel9
CPEs
  • cpe:/a:redhat:openshift_data_foundation:4.22::el9
Default Status
affected
Versions
Unaffected
  • From 1783536000 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Openshift Data Foundation 4.22
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
odf4/mcg-rhel9-operator
CPEs
  • cpe:/a:redhat:openshift_data_foundation:4.22::el9
Default Status
affected
Versions
Unaffected
  • From 1783535989 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Openshift Data Foundation 4.22
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
odf4/ocs-client-console-rhel9
CPEs
  • cpe:/a:redhat:openshift_data_foundation:4.22::el9
Default Status
affected
Versions
Unaffected
  • From 1783536515 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Openshift Data Foundation 4.22
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
odf4/ocs-client-rhel9-operator
CPEs
  • cpe:/a:redhat:openshift_data_foundation:4.22::el9
Default Status
affected
Versions
Unaffected
  • From 1782932521 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Openshift Data Foundation 4.22
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
odf4/ocs-metrics-exporter-rhel9
CPEs
  • cpe:/a:redhat:openshift_data_foundation:4.22::el9
Default Status
affected
Versions
Unaffected
  • From 1783018461 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Openshift Data Foundation 4.22
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
odf4/ocs-rhel9-operator
CPEs
  • cpe:/a:redhat:openshift_data_foundation:4.22::el9
Default Status
affected
Versions
Unaffected
  • From 1783018421 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Openshift Data Foundation 4.22
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
odf4/odf-blackbox-exporter-rhel9
CPEs
  • cpe:/a:redhat:openshift_data_foundation:4.22::el9
Default Status
affected
Versions
Unaffected
  • From 1782932812 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Openshift Data Foundation 4.22
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
odf4/odf-cli-rhel9
CPEs
  • cpe:/a:redhat:openshift_data_foundation:4.22::el9
Default Status
affected
Versions
Unaffected
  • From 1783537001 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Openshift Data Foundation 4.22
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
odf4/odf-cloudnative-pg-rhel9-operator
CPEs
  • cpe:/a:redhat:openshift_data_foundation:4.22::el9
Default Status
affected
Versions
Unaffected
  • From 1782932919 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Openshift Data Foundation 4.22
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
odf4/odf-console-rhel9
CPEs
  • cpe:/a:redhat:openshift_data_foundation:4.22::el9
Default Status
affected
Versions
Unaffected
  • From 1783537586 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Openshift Data Foundation 4.22
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
odf4/odf-cosi-sidecar-rhel9
CPEs
  • cpe:/a:redhat:openshift_data_foundation:4.22::el9
Default Status
affected
Versions
Unaffected
  • From 1782932969 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Openshift Data Foundation 4.22
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
odf4/odf-csi-addons-rhel9-operator
CPEs
  • cpe:/a:redhat:openshift_data_foundation:4.22::el9
Default Status
affected
Versions
Unaffected
  • From 1782933015 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Openshift Data Foundation 4.22
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
odf4/odf-csi-addons-sidecar-rhel9
CPEs
  • cpe:/a:redhat:openshift_data_foundation:4.22::el9
Default Status
affected
Versions
Unaffected
  • From 1782933042 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Openshift Data Foundation 4.22
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
odf4/odf-drbd-rhel9
CPEs
  • cpe:/a:redhat:openshift_data_foundation:4.22::el9
Default Status
affected
Versions
Unaffected
  • From 1783537392 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Openshift Data Foundation 4.22
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
odf4/odf-external-snapshotter-rhel9-operator
CPEs
  • cpe:/a:redhat:openshift_data_foundation:4.22::el9
Default Status
affected
Versions
Unaffected
  • From 1782933235 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Openshift Data Foundation 4.22
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
odf4/odf-external-snapshotter-sidecar-rhel9
CPEs
  • cpe:/a:redhat:openshift_data_foundation:4.22::el9
Default Status
affected
Versions
Unaffected
  • From 1782933251 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Openshift Data Foundation 4.22
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
odf4/odf-multicluster-console-rhel9
CPEs
  • cpe:/a:redhat:openshift_data_foundation:4.22::el9
Default Status
affected
Versions
Unaffected
  • From 1783537955 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Openshift Data Foundation 4.22
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
odf4/odf-multicluster-rhel9-operator
CPEs
  • cpe:/a:redhat:openshift_data_foundation:4.22::el9
Default Status
affected
Versions
Unaffected
  • From 1782933417 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Openshift Data Foundation 4.22
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
odf4/odf-must-gather-rhel9
CPEs
  • cpe:/a:redhat:openshift_data_foundation:4.22::el9
Default Status
affected
Versions
Unaffected
  • From 1783537742 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Openshift Data Foundation 4.22
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
odf4/odf-rhel9-operator
CPEs
  • cpe:/a:redhat:openshift_data_foundation:4.22::el9
Default Status
affected
Versions
Unaffected
  • From 1782933602 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Openshift Data Foundation 4.22
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
odf4/odr-rhel9-operator
CPEs
  • cpe:/a:redhat:openshift_data_foundation:4.22::el9
Default Status
affected
Versions
Unaffected
  • From 1783019377 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Openshift Data Foundation 4.22
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
odf4/odr-volsync-plugin-mover-rhel9
CPEs
  • cpe:/a:redhat:openshift_data_foundation:4.22::el9
Default Status
affected
Versions
Unaffected
  • From 1782934054 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Openshift Data Foundation 4.22
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
odf4/odr-volsync-plugin-rhel9-operator
CPEs
  • cpe:/a:redhat:openshift_data_foundation:4.22::el9
Default Status
affected
Versions
Unaffected
  • From 1782934036 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Openshift Data Foundation 4.22
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
odf4/rook-ceph-rhel9-operator
CPEs
  • cpe:/a:redhat:openshift_data_foundation:4.22::el9
Default Status
affected
Versions
Unaffected
  • From 1782934284 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Dev Spaces 3.29
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
devspaces/traefik-rhel9
CPEs
  • cpe:/a:redhat:openshift_devspaces:3.29::el9
Default Status
affected
Versions
Unaffected
  • From 1782403274 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Trusted Artifact Signer 1.4
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
conforma-cli-stack-v1
CPEs
  • cpe:/a:redhat:trusted_artifact_signer:1.4::el9
Default Status
affected
Versions
Unaffected
  • From 4-1.4.2 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Assisted Installer for Red Hat OpenShift Container Platform 2
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
assisted/agent-preinstall-image-builder-rhel9
CPEs
  • cpe:/a:redhat:assisted_installer:2
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
cert-manager Operator for Red Hat OpenShift
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
cert-manager/jetstack-cert-manager-rhel9
CPEs
  • cpe:/a:redhat:cert_manager:1
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Confidential Compute Attestation
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
openshift-sandboxed-containers/osc-rhel9-operator
CPEs
  • cpe:/a:redhat:confidential_compute_attestation:1
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Cryostat 4
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
cryostat/cryostat-storage-rhel9
CPEs
  • cpe:/a:redhat:cryostat:4
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
External Secrets Operator for Red Hat OpenShift
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
external-secrets-operator/external-secrets-rhel9
CPEs
  • cpe:/a:redhat:external_secrets_operator:1
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Multicluster Engine for Kubernetes
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
multicluster-engine/assisted-service-8-rhel8
CPEs
  • cpe:/a:redhat:multicluster_engine
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Multicluster Engine for Kubernetes
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
multicluster-engine/assisted-service-9-rhel9
CPEs
  • cpe:/a:redhat:multicluster_engine
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Multicluster Engine for Kubernetes
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
multicluster-engine/backplane-rhel9-operator
CPEs
  • cpe:/a:redhat:multicluster_engine
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Multicluster Engine for Kubernetes
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
multicluster-engine/cluster-image-set-controller-rhel9
CPEs
  • cpe:/a:redhat:multicluster_engine
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Multicluster Engine for Kubernetes
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
multicluster-engine/hypershift-addon-rhel9-operator
CPEs
  • cpe:/a:redhat:multicluster_engine
Default Status
unknown
Vendor
Red Hat, Inc.Red Hat
Product
Multicluster Engine for Kubernetes
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
multicluster-engine/managedcluster-import-controller
CPEs
  • cpe:/a:redhat:multicluster_engine
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Multicluster Engine for Kubernetes
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
multicluster-engine/multicloud-manager-rhel9
CPEs
  • cpe:/a:redhat:multicluster_engine
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
OpenShift API for Data Protection
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
oadp/oadp-velero-rhel9
CPEs
  • cpe:/a:redhat:openshift_api_data_protection:1
Default Status
unknown
Vendor
Red Hat, Inc.Red Hat
Product
OpenShift Pipelines
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
openshift-pipelines-client
CPEs
  • cpe:/a:redhat:openshift_pipelines:1
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
OpenShift Serverless
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
openshift-serverless-1/kn-plugin-func-func-util-rhel9
CPEs
  • cpe:/a:redhat:serverless:1
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
OpenShift Serverless
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
openshift-serverless-clients
CPEs
  • cpe:/a:redhat:serverless:1
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Advanced Cluster Management for Kubernetes 2
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhacm2/multicloud-integrations-rhel9
CPEs
  • cpe:/a:redhat:acm:2
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Advanced Cluster Management for Kubernetes 2
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhacm2/multiclusterhub-rhel9
CPEs
  • cpe:/a:redhat:acm:2
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Advanced Cluster Management for Kubernetes 2
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhacm2/multicluster-operators-channel-rhel9
CPEs
  • cpe:/a:redhat:acm:2
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Advanced Cluster Management for Kubernetes 2
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhacm2/multicluster-operators-subscription-rhel9
CPEs
  • cpe:/a:redhat:acm:2
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Advanced Cluster Management for Kubernetes 2
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhacm2/observatorium-rhel9-operator
CPEs
  • cpe:/a:redhat:acm:2
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Advanced Cluster Management for Kubernetes 2
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhacm2/volsync-rhel9
CPEs
  • cpe:/a:redhat:acm:2
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ceph Storage 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhceph/alloy-rhel10
CPEs
  • cpe:/a:redhat:ceph_storage:9
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 10
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
buildah
CPEs
  • cpe:/o:redhat:enterprise_linux:10
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 10
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
golang
CPEs
  • cpe:/o:redhat:enterprise_linux:10
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 10
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
gvisor-tap-vsock
CPEs
  • cpe:/o:redhat:enterprise_linux:10
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 10
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
podman
CPEs
  • cpe:/o:redhat:enterprise_linux:10
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 10
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
trustee
CPEs
  • cpe:/o:redhat:enterprise_linux:10
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
container-tools:rhel8/buildah
CPEs
  • cpe:/o:redhat:enterprise_linux:8
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
container-tools:rhel8/podman
CPEs
  • cpe:/o:redhat:enterprise_linux:8
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
golang
CPEs
  • cpe:/o:redhat:enterprise_linux:8
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
buildah
CPEs
  • cpe:/o:redhat:enterprise_linux:9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
golang
CPEs
  • cpe:/o:redhat:enterprise_linux:9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
gvisor-tap-vsock
CPEs
  • cpe:/o:redhat:enterprise_linux:9
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
podman
CPEs
  • cpe:/o:redhat:enterprise_linux:9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux AI (RHEL AI) 3
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
golang
CPEs
  • cpe:/a:redhat:enterprise_linux_ai:3
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift AI (RHOAI)
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhoai/odh-data-science-pipelines-argo-argoexec-rhel9
CPEs
  • cpe:/a:redhat:openshift_ai
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift AI (RHOAI)
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9
CPEs
  • cpe:/a:redhat:openshift_ai
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift AI (RHOAI)
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhoai/odh-model-registry-rhel8
CPEs
  • cpe:/a:redhat:openshift_ai
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift AI (RHOAI)
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhoai/odh-model-registry-rhel9
CPEs
  • cpe:/a:redhat:openshift_ai
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
cri-o
CPEs
  • cpe:/a:redhat:openshift:4
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
microshift
CPEs
  • cpe:/a:redhat:openshift:4
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
openshift
CPEs
  • cpe:/a:redhat:openshift:4
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
openshift4/ose-hypershift-rhel9
CPEs
  • cpe:/a:redhat:openshift:4
Default Status
unknown
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
openshift4/ose-ptp
CPEs
  • cpe:/a:redhat:openshift:4
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
openshift4/ose-ptp-rhel9
CPEs
  • cpe:/a:redhat:openshift:4
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
openshift4/ose-vsphere-csi-driver-rhel8
CPEs
  • cpe:/a:redhat:openshift:4
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
openshift4/ose-vsphere-csi-driver-rhel9
CPEs
  • cpe:/a:redhat:openshift:4
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
openshift4-wincw/windows-machine-config-rhel8-operator
CPEs
  • cpe:/a:redhat:openshift:4
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
ose-azure-acr-image-credential-provider
CPEs
  • cpe:/a:redhat:openshift:4
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
podman
CPEs
  • cpe:/a:redhat:openshift:4
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift for Windows Containers
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
openshift4-wincw/windows-machine-config-rhel9-operator
CPEs
  • cpe:/a:redhat:windows_machine_config
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift GitOps
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
openshift-gitops-1/argocd-rhel8
CPEs
  • cpe:/a:redhat:openshift_gitops:1
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift GitOps
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
openshift-gitops-1/argocd-rhel9
CPEs
  • cpe:/a:redhat:openshift_gitops:1
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift on AWS
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rosa
CPEs
  • cpe:/a:redhat:openshift_service_on_aws:1
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Virtualization 4
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
kubevirt
CPEs
  • cpe:/a:redhat:container_native_virtualization:4
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenStack Platform 16.2
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
golang-googlecode-go-crypto
CPEs
  • cpe:/a:redhat:openstack:16.2
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenStack Platform 16.2
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhosp-rhel8/osp-director-agent
CPEs
  • cpe:/a:redhat:openstack:16.2
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenStack Platform 17.1
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhosp-rhel9/osp-director-agent
CPEs
  • cpe:/a:redhat:openstack:17.1
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenStack Platform 18.0
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhoso-operators/octavia-rhel9-operator
CPEs
  • cpe:/a:redhat:openstack:18.0
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Quay 3
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
quay/quay-builder-rhel8
CPEs
  • cpe:/a:redhat:quay:3
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Quay 3
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
quay/quay-builder-rhel9
CPEs
  • cpe:/a:redhat:quay:3
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Security Profiles Operator
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
compliance/openshift-security-profiles-rhel8-operator
CPEs
  • cpe:/a:redhat:openshift_security_profiles_operator:1
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Zero Trust Workload Identity Manager
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
zero-trust-workload-identity-manager/spiffe-spire-agent-rhel9
CPEs
  • cpe:/a:redhat:zero_trust_workload_identity_manager:1
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Zero Trust Workload Identity Manager - Tech Preview
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
zero-trust-workload-identity-manager/spiffe-spire-agent-rhel9
CPEs
  • cpe:/a:redhat:zero_trust_workload_identity_manager:0
Default Status
affected
Problem Types
TypeCWE IDDescription
CWECWE-303Incorrect Implementation of Authentication Algorithm
Type: CWE
CWE ID: CWE-303
Description: Incorrect Implementation of Authentication Algorithm
Metrics
VersionBase scoreBase severityVector
3.17.1HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
Metrics Other Info
Red Hat severity rating
value:
Important
namespace:
https://access.redhat.com/security/updates/classification/
Impacts
CAPEC IDDescription
Solutions

RHSA-2026:41019: RHEM 1.1 for RHEL 10, RHEM 1.1 for RHEL 9

RHSA-2026:36796: RHEM 1.0 for RHEL 9

RHSA-2026:36808: DevWorkspace Operator 0.42

RHSA-2026:30651: Red Hat Advanced Cluster Management for Kubernetes 2.13

RHSA-2026:26547: Red Hat Advanced Cluster Security for Kubernetes 4.10

RHSA-2026:36207: Red Hat Advanced Cluster Security for Kubernetes 4.11

RHSA-2026:26546: Red Hat Advanced Cluster Security for Kubernetes 4.9

RHSA-2026:36651: Red Hat Edge Manager 1.0

RHSA-2026:40945: Red Hat Edge Manager 1.1

RHSA-2026:40118: Red Hat Edge Manager 1.1

RHSA-2026:33531: Red Hat Enterprise Linux AI 3.4

RHSA-2026:33524: Red Hat Enterprise Linux AI 3.4

RHSA-2026:23262: Red Hat Hardened Images

RHSA-2026:23264: Red Hat Hardened Images

RHSA-2026:37275: Red Hat OpenShift AI 3.3

RHSA-2026:36648: Red Hat OpenShift Builds 1.7.4

RHSA-2026:41036: Red Hat OpenShift Builds 1.8.1

RHSA-2026:36820: Red Hat OpenShift Dev Spaces 3.29

RHSA-2026:37387: Red Hat Openshift Data Foundation 4.22

RHSA-2026:36797: Red Hat Trusted Artifact Signer 1.4

RHSA-2026:30650: multicluster engine for Kubernetes 2.8

Configurations

Workarounds

Upgrade to a fixed golang.org/x/crypto/ssh release via updated golang or package rebuilds. Ensure SSH servers use supported public-key callback configurations with source-address validation as intended.

Exploits

Credits

Timeline
EventDate
Reported to Red Hat.2026-05-22 04:01:52
Made public.2026-05-22 02:31:27
Event: Reported to Red Hat.
Date: 2026-05-22 04:01:52
Event: Made public.
Date: 2026-05-22 02:31:27
Replaced By

Rejected Reason

References
HyperlinkResource
https://access.redhat.com/security/cve/CVE-2026-46595
vdb-entry
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2480689
issue-tracking
x_refsource_REDHAT
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46595.json
x_sadp-csaf-vex
https://access.redhat.com/errata/RHSA-2026:41019
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:36796
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:36808
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:30651
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:26547
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:36207
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:26546
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:36651
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:40945
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:40118
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:33531
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:33524
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:23262
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:23264
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:37275
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:36648
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:41036
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:36820
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:37387
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:36797
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:30650
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-46595
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2480689
Resource:
issue-tracking
x_refsource_REDHAT
Hyperlink: https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46595.json
Resource:
x_sadp-csaf-vex
Hyperlink: https://access.redhat.com/errata/RHSA-2026:41019
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:36796
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:36808
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:30651
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:26547
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:36207
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:26546
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:36651
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:40945
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:40118
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:33531
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:33524
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:23262
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:23264
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:37275
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:36648
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:41036
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:36820
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:37387
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:36797
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:30650
Resource:
vendor-advisory
x_refsource_REDHAT
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@golang.org
Published At:22 May, 2026 | 04:16
Updated At:17 Jul, 2026 | 13:18

Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.110.0CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
Secondary3.17.1HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
N/A
Type: Secondary
Version: 3.1
Base score: 10.0
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
Type: Secondary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Go
golang
>>crypto>>Versions before 0.52.0(exclusive)
cpe:2.3:a:golang:crypto:*:*:*:*:*:go:*:*
Weaknesses
CWE IDTypeSource
CWE-863Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-303Secondary0b0ca135-0b70-47e7-9f44-1890c2a1c46c
CWE ID: CWE-863
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-303
Type: Secondary
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://go.dev/cl/781642security@golang.org
Issue Tracking
https://go.dev/issue/79570security@golang.org
Issue Tracking
https://groups.google.com/g/golang-announce/c/a082jnz-LvIsecurity@golang.org
Mailing List
https://pkg.go.dev/vuln/GO-2026-5023security@golang.org
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:232620b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://access.redhat.com/errata/RHSA-2026:232640b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://access.redhat.com/errata/RHSA-2026:265460b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://access.redhat.com/errata/RHSA-2026:265470b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://access.redhat.com/errata/RHSA-2026:306500b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://access.redhat.com/errata/RHSA-2026:306510b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://access.redhat.com/errata/RHSA-2026:335240b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://access.redhat.com/errata/RHSA-2026:335310b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://access.redhat.com/errata/RHSA-2026:362070b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://access.redhat.com/errata/RHSA-2026:366480b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://access.redhat.com/errata/RHSA-2026:366510b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://access.redhat.com/errata/RHSA-2026:367960b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://access.redhat.com/errata/RHSA-2026:367970b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://access.redhat.com/errata/RHSA-2026:368080b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://access.redhat.com/errata/RHSA-2026:368200b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://access.redhat.com/errata/RHSA-2026:372750b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://access.redhat.com/errata/RHSA-2026:373870b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://access.redhat.com/errata/RHSA-2026:401180b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://access.redhat.com/errata/RHSA-2026:409450b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://access.redhat.com/errata/RHSA-2026:410190b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://access.redhat.com/errata/RHSA-2026:410360b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://access.redhat.com/security/cve/CVE-2026-465950b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=24806890b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46595.json0b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
Hyperlink: https://go.dev/cl/781642
Source: security@golang.org
Resource:
Issue Tracking
Hyperlink: https://go.dev/issue/79570
Source: security@golang.org
Resource:
Issue Tracking
Hyperlink: https://groups.google.com/g/golang-announce/c/a082jnz-LvI
Source: security@golang.org
Resource:
Mailing List
Hyperlink: https://pkg.go.dev/vuln/GO-2026-5023
Source: security@golang.org
Resource:
Vendor Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2026:23262
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:23264
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:26546
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:26547
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:30650
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:30651
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:33524
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:33531
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:36207
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:36648
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:36651
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:36796
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:36797
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:36808
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:36820
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:37275
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:37387
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:40118
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:40945
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:41019
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:41036
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-46595
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2480689
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46595.json
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

55Records found

CVE-2025-55131
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-7.1||HIGH
EPSS-3.49% / 87.84%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 20:41
Updated-15 Jul, 2026 | 02:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the `vm` module with the timeout option. Under specific timing conditions, buffers allocated with `Buffer.alloc` and other `TypedArray` instances like `Uint8Array` may contain leftover data from previous operations, allowing in-process secrets like tokens or passwords to leak or causing data corruption. While exploitation typically requires precise timing or in-process code execution, it can become remotely exploitable when untrusted input influences workload and timeouts, leading to potential confidentiality and integrity impact.

Action-Not Available
Vendor-Red Hat, Inc.Node.js (OpenJS Foundation)
Product-nodeRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 10Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Hardened Images
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2026-35397
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.6||HIGH
EPSS-0.58% / 44.00%
||
7 Day CHG~0.00%
Published-05 May, 2026 | 19:37
Updated-15 Jul, 2026 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
jupyter-server path traversal allows access to sibling directories sharing root_dir name prefix

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured root_dir and access sibling directories whose names begin with the same prefix as the root_dir. For example, with a root_dir named "test", the API permits access to a sibling directory named "testtest" through a crafted request to the /api/contents endpoint using encoded path components. An attacker can read, write, and delete files in affected sibling directories. Multi-tenant deployments using predictable naming schemes are particularly at risk, as a user with a directory named "user1" could access directories for user10 through user19 and beyond. A user who can choose a single-character folder name could gain access to a significant number of sibling directories. Version 2.18.0 contains a fix. As a workaround, ensure folder names do not share a common prefix with any sibling directory.

Action-Not Available
Vendor-jupyterjupyter-serverRed Hat, Inc.
Product-jupyter_serverjupyter_serverRed Hat OpenShift AI (RHOAI)Migration Toolkit for Applications 8
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-8922
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.28% / 20.08%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 06:27
Updated-26 Jun, 2026 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Org.keycloak/keycloak-services: keycloak: org.keycloak.protocol.oidc: security flaw in org.keycloak/keycloak-services

A flaw was found in Keycloak. When both realm-level and client-level `notBefore` revocation policies are configured, Keycloak's OpenID Connect (OIDC) Introspection feature fails to properly honor the realm-level policy. This allows tokens that should have been revoked to remain active, potentially leading to unauthorized access or continued session validity. This could impact the security of systems utilizing Keycloak for identity and access management.

Action-Not Available
Vendor-Red Hat, Inc.
Product-build_of_keycloakRed Hat build of Keycloak 26.4Red Hat build of Keycloak 26.6.3Red Hat build of Keycloak 26.6Red Hat build of Keycloak 26.4.13
CWE ID-CWE-303
Incorrect Implementation of Authentication Algorithm
CVE-2026-9791
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.21% / 11.82%
||
7 Day CHG~0.00%
Published-28 May, 2026 | 03:27
Updated-26 Jun, 2026 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak-rhel9: organization data leak after feature disabled in keycloak

A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the account API or by requesting an OpenID Connect (OIDC) token with the 'organization' scope. This allows organization metadata to be disclosed in tokens, even after an administrator has explicitly disabled the Organizations feature, potentially leading to incorrect authorization decisions by resource servers.

Action-Not Available
Vendor-Red Hat, Inc.
Product-build_of_keycloakRed Hat build of Keycloak 26.4Red Hat build of Keycloak 26.6.3Red Hat build of Keycloak 26.6Red Hat build of Keycloak 26.4.13
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-1832
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.48% / 38.60%
||
7 Day CHG~0.00%
Published-04 Oct, 2023 | 13:05
Updated-19 Sep, 2024 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper authorization check in the server component

An improper access control flaw was found in Candlepin. An attacker can create data scoped under another customer/tenant, which can result in loss of confidentiality and availability for the affected customer/tenant.

Action-Not Available
Vendor-candlepinprojectn/aRed Hat, Inc.
Product-candlepinsatellitecandlepin-4.3.7candlepin-4.3.8Red Hat Satellite 6
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-6383
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 4.63%
||
7 Day CHG~0.00%
Published-15 Apr, 2026 | 18:22
Updated-17 Apr, 2026 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kubevirt: kubevirt: unauthorized subresource access due to improper rbac evaluation

A flaw was found in KubeVirt's Role-Based Access Control (RBAC) evaluation logic. The authorization mechanism improperly truncates subresource names, leading to incorrect permission evaluations. This allows authenticated users with specific custom roles to gain unauthorized access to subresources, potentially disclosing sensitive information or performing actions they are not permitted to do. Additionally, legitimate users may be denied access to resources.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat OpenShift Virtualization 4
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-43999
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-9.9||CRITICAL
EPSS-0.97% / 58.12%
||
7 Day CHG~0.00%
Published-13 May, 2026 | 17:21
Updated-15 Jul, 2026 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
vm2: NodeVM builtin allowlist bypass via `module` builtin's `Module._load` allows sandbox escape

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, NodeVM's builtin allowlist can be bypassed when the module builtin is allowed (including via the '*' wildcard). The module builtin exposes Node's Module._load(), which loads any module by name directly in the host context, completely bypassing vm2's builtin restriction. This allows sandboxed code to load excluded builtins like child_process and achieve remote code execution. This vulnerability is fixed in 3.11.0.

Action-Not Available
Vendor-vm2_projectpatriksimekRed Hat, Inc.
Product-vm2vm2Self-service automation portal 2Red Hat Developer Hub
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-62147
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 11.03%
||
7 Day CHG~0.00%
Published-13 Jul, 2026 | 11:43
Updated-13 Jul, 2026 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tempo-operator: tempo operator: query rbac bypass

The Tempo Operator's gateway component failed to consistently apply namespace-scoped redaction on some query API response paths when query RBAC was enabled, allowing an authenticated user to read span attributes belonging to other tenants' namespaces.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat OpenShift distributed tracing 3
CWE ID-CWE-863
Incorrect Authorization
CVE-2019-14843
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.19% / 64.46%
||
7 Day CHG~0.00%
Published-07 Jan, 2020 | 16:34
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks. Versions shipped with Red Hat Jboss EAP 7 and Red Hat SSO 7 are vulnerable to this issue.

Action-Not Available
Vendor-Red Hat, Inc.
Product-single_sign-onjboss_enterprise_application_platformwildfly-security-manager
CWE ID-CWE-592
DEPRECATED: Authentication Bypass Issues
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-4641
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.26% / 17.21%
||
7 Day CHG~0.00%
Published-27 Dec, 2023 | 15:43
Updated-03 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Shadow-utils: possible password leak during passwd(1) change

A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.

Action-Not Available
Vendor-shadow-maintRed Hat, Inc.
Product-shadow-utilsenterprise_linux_for_ibm_z_systemsenterprise_linuxcodeready_linux_builder_for_ibm_z_systemsenterprise_linux_for_power_little_endianenterprise_linux_for_arm_64codeready_linux_builder_for_arm64codeready_linux_builder_for_power_little_endiancodeready_linux_builderRed Hat Enterprise Linux 8.6 Extended Update SupportRed Hat Enterprise Linux 6Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 8.8 Extended Update Support
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-303
Incorrect Implementation of Authentication Algorithm
CVE-2026-50559
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.46% / 37.24%
||
7 Day CHG~0.00%
Published-19 Jun, 2026 | 20:26
Updated-15 Jul, 2026 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authentication/Authorization Bypass via Advanced Path Normalization Vulnerabilities

Quarkus is a Java framework for building cloud-native applications. Prior to versions 3.37.0, 3.36.3, 3.33.2.1, 3.33.3, 3.27.4.1, 3.27.5, and 3.20.6.2, Quarkus HTTP path-based authorization policies can be bypassed using encoded semicolons (%3B) to smuggle matrix parameters past the security layer, and using encoded slashes (%2F) or backslashes (%5C) to access protected static resources. This is a distinct issue from CVE-2026-39852, which addressed only literal semicolon stripping. Versions 3.37.0, 3.36.3, 3.33.2.1, 3.33.3, 3.27.4.1, 3.27.5, and 3.20.6.2 contain a patch.

Action-Not Available
Vendor-quarkusquarkusioRed Hat, Inc.
Product-quarkusquarkusRed Hat Build of KeycloakRed Hat build of Quarkus 3.20.6.SP2Red Hat Fuse 7Streams for Apache Kafka 2.9.4Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat build of Apicurio Registry 3Red Hat build of Quarkus 3.33.2.SP1streams for Apache Kafka 3Red Hat Build of Apache Camel 3.33 for Quarkus 3.33.2.SP1Red Hat build of Debezium 3Red Hat build of Apache Camel - HawtIO 4Cryostat 4OpenShift ServerlessRed Hat build of Quarkus 3.27.4.SP1Red Hat build of Apache Camel 4 for Quarkus 3Red Hat OpenShift Dev Spaces 3.29Red Hat OpenShift AI (RHOAI)
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-551
Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-47102
Matching Score-6
Assigner-VulnCheck
ShareView Details
Matching Score-6
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.65% / 47.18%
||
7 Day CHG~0.00%
Published-21 May, 2026 | 20:34
Updated-15 Jul, 2026 | 02:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LiteLLM < 1.83.10 Privilege Escalation via User Update

LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxy_admin, gaining full administrative access to LiteLLM including all users, teams, keys, models, and prompt history. Users with the org_admin role have legitimate access to this endpoint and can exploit this vulnerability without chaining any additional flaw.

Action-Not Available
Vendor-litellmBerriAIRed Hat, Inc.
Product-litellmlitellmRed Hat OpenShift AI (RHOAI)Exploit IntelligenceRed Hat Ansible Automation Platform 2
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
CVE-2026-45490
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.38% / 30.64%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 17:04
Updated-15 Jul, 2026 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET SDK Elevation of Privilege Vulnerability

Improper authorization in .NET allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Red Hat, Inc.Microsoft Corporation
Product-.netwindows.NET 8.0.NET 9.0.NET 10.0Red Hat Enterprise Linux 9Red Hat Hardened ImagesRed Hat Enterprise Linux 10Red Hat Enterprise Linux 8
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-44573
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.61% / 45.03%
||
7 Day CHG+0.01%
Published-13 May, 2026 | 16:48
Updated-16 Jul, 2026 | 12:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Next.js: Middleware / Proxy bypass in Pages Router applications using i18n

Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to protected page data through locale-less /_next/data/<buildId>/<page>.json requests. In affected configurations, middleware does not run for the unprefixed data route, allowing an attacker to retrieve SSR JSON for protected pages without passing the intended authorization checks. This vulnerability is fixed in 15.5.16 and 16.2.5.

Action-Not Available
Vendor-vercelvercelRed Hat, Inc.
Product-next.jsnext.jsRed Hat Trusted Artifact Signer 1.3Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7streams for Apache Kafka 3Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Streams for Apache Kafka 2.9.4Red Hat Trusted Artifact Signer 1.4Red Hat Enterprise Linux AI (RHEL AI) 3
CWE ID-CWE-551
Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-43000
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-0.33% / 24.90%
||
7 Day CHG~0.00%
Published-28 May, 2026 | 00:00
Updated-15 Jul, 2026 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token carries the victim's identity, which passes the trustor validation check. Keystone then validates the delegated roles against the victim's actual role assignments in the database, not the roles on the requesting token. This allows the attacker to create a trust delegating the victim's admin role to themselves. The trust persists independently, and additional trusts and application credentials can be created to maintain access. All actions are logged under the victim's identity.

Action-Not Available
Vendor-OpenStackRed Hat, Inc.
Product-keystoneKeystoneRed Hat OpenStack Platform 16.2Red Hat OpenStack Platform 13 (Queens)Red Hat OpenStack Platform 17.1Red Hat OpenStack Platform 18.0
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-44173
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5||MEDIUM
EPSS-0.40% / 32.21%
||
7 Day CHG~0.00%
Published-12 Jun, 2026 | 17:34
Updated-15 Jul, 2026 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MariaDB: FILE privilege was not checked for subqueries in the FROM clause

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privilege if the FROM clause contained only subqueries. This issue has been patched in versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2.

Action-Not Available
Vendor-Red Hat, Inc.MariaDB Foundation
Product-mariadbserverRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Hardened Images
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-42296
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-0.42% / 34.45%
||
7 Day CHG~0.00%
Published-09 May, 2026 | 03:52
Updated-15 Jul, 2026 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Argo Workflows has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network access, switch service accounts, override pod security context, add tolerations to schedule on control-plane nodes, or enable SA token mounting. This defeats the stated purpose of the feature. The practical impact depends on what Kubernetes-level controls are in place. Clusters with PodSecurity admission or OPA/Gatekeeper would independently block some of these (like hostNetwork). Clusters that rely on Argo's Strict mode as the primary enforcement layer are fully exposed. This issue has been patched in versions 3.7.14 and 4.0.5.

Action-Not Available
Vendor-argoprojargoprojRed Hat, Inc.
Product-argo_workflowsargo-workflowsRed Hat OpenShift AI (RHOAI)
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-41283
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.9||CRITICAL
EPSS-0.73% / 50.24%
||
7 Day CHG~0.00%
Published-04 Jun, 2026 | 00:00
Updated-15 Jul, 2026 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials.

Action-Not Available
Vendor-Red Hat, Inc.OpenStack
Product-MistralRed Hat OpenStack Platform 16.2
CWE ID-CWE-749
Exposed Dangerous Method or Function
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-11060
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.7||MEDIUM
EPSS-0.30% / 21.76%
||
7 Day CHG~0.00%
Published-26 Sep, 2025 | 12:01
Updated-07 Nov, 2025 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Surrealdb: surrealdb is vulnerable to unauthorized data exposure via live query subscriptions

A flaw was found in the live query subscription mechanism of the database engine. This vulnerability allows record or guest users to observe unauthorized records within the same table, bypassing access controls, via crafted LIVE SELECT subscriptions when other users alter or delete records.

Action-Not Available
Vendor-Red Hat, Inc.
Product-OpenShift Service Mesh 3
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-9902
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.26% / 17.04%
||
7 Day CHG+0.01%
Published-06 Nov, 2024 | 09:56
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ansible-core: ansible-core user may read/write unauthorized content

A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user's home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Ansible Automation Platform 2.4 for RHEL 9Red Hat Ansible Automation Platform 2.5 for RHEL 9Red Hat OpenStack Platform 17.1 for RHEL 9Ansible Automation Platform Execution EnvironmentsRed Hat Ansible Automation Platform 2.4 for RHEL 8Red Hat Ansible Automation Platform 2.5 for RHEL 8Red Hat Enterprise Linux 10
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-3248
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.40% / 32.40%
||
7 Day CHG~0.00%
Published-05 Oct, 2023 | 13:28
Updated-29 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Openshift api admission checks does not enforce "custom-host" permissions

A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be applied.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-openshift_container_platformadvanced_cluster_management_for_kuberneteskubernetesRed Hat Ansible Automation Platform 1.2Red Hat Advanced Cluster Management for Kubernetes 2Red Hat Ansible Tower 3Red Hat OpenShift Container Platform 4Red Hat OpenShift Container Platform 3.11
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-50627
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-9.1||CRITICAL
EPSS-0.45% / 36.02%
||
7 Day CHG~0.00%
Published-12 Jun, 2026 | 08:55
Updated-15 Jul, 2026 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache CXF: OAuth2: Missing JWT Audience and Issuer Validation in Access Token Validator

The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' (Audience) claims of incoming JWT access tokens. This allows a JWT issued for one Resource Server to be successfully replayed against a completely different Resource Server, leading to Token Confusion/Routing attacks. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fixes this issue.

Action-Not Available
Vendor-Red Hat, Inc.The Apache Software Foundation
Product-cxfApache CXFRed Hat Fuse 7Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat JBoss Web Server 5Red Hat build of Apache Camel 4.18.1.P1 for Spring Boot 3.5.16
CWE ID-CWE-289
Authentication Bypass by Alternate Name
CWE ID-CWE-303
Incorrect Implementation of Authentication Algorithm
CVE-2026-47101
Matching Score-6
Assigner-VulnCheck
ShareView Details
Matching Score-6
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.74% / 50.44%
||
7 Day CHG~0.00%
Published-21 May, 2026 | 20:33
Updated-15 Jul, 2026 | 02:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LiteLLM < 1.83.14 Privilege Escalation via API Key Generation

LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that their role does not permit. When generating a key, the allowed_routes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with access to admin-only routes can then be used to reach those routes successfully, bypassing the role-based access controls that would otherwise block the request, enabling full privilege escalation from internal_user to proxy_admin.

Action-Not Available
Vendor-litellmBerriAIRed Hat, Inc.
Product-litellmlitellmRed Hat OpenShift AI (RHOAI)Exploit IntelligenceRed Hat Ansible Automation Platform 2
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-43001
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.9||HIGH
EPSS-0.46% / 36.76%
||
7 Day CHG+0.01%
Published-01 May, 2026 | 00:00
Updated-15 Jul, 2026 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate that the caller-supplied project_id for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credential for project A to create an EC2 credential targeting project B; a subsequent /v3/ec2tokens exchange would then issue a Keystone token scoped to project B while still carrying the original app_cred_id, enabling cross-project lateral movement within the credential owner's role footprint.

Action-Not Available
Vendor-Red Hat, Inc.OpenStack
Product-keystoneKeystoneRed Hat OpenStack Platform 16.2Red Hat OpenStack Platform 13 (Queens)Red Hat OpenStack Platform 17.1Red Hat OpenStack Platform 18.0
CWE ID-CWE-1288
Improper Validation of Consistency within Input
CWE ID-CWE-863
Incorrect Authorization
CVE-2017-2632
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.9||MEDIUM
EPSS-1.47% / 70.88%
||
7 Day CHG~0.00%
Published-27 Jul, 2018 | 19:00
Updated-05 Aug, 2024 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic error in valid_role() in CloudForms role validation before 5.7.1.3 could allow a tenant administrator to create groups with a higher privilege level than the tenant administrator should have. This would allow an attacker with tenant administration access to elevate privileges.

Action-Not Available
Vendor-Red Hat, Inc.
Product-cloudforms_management_enginecloudformscfme
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-42999
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-0.33% / 25.10%
||
7 Day CHG~0.00%
Published-28 May, 2026 | 00:00
Updated-15 Jul, 2026 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforce_call unconditionally merges the raw JSON request body into the policy enforcement dictionary via policy_dict.update(json_input.copy()), overwriting trusted target data that was previously set from database lookups. Because flask.request.get_json is called with force=True, this works regardless of Content-Type or HTTP method. Any authenticated user can inject arbitrary policy target attributes (e.g., user_id, project_id) into the request body to bypass RBAC checks and perform unauthorized operations on resources belonging to other users or projects. This was introduced in commit 5ea59f52 (Rocky/14.0.0).

Action-Not Available
Vendor-OpenStackRed Hat, Inc.
Product-keystoneKeystoneRed Hat OpenStack Platform 16.2Red Hat OpenStack Platform 13 (Queens)Red Hat OpenStack Platform 17.1Red Hat OpenStack Platform 18.0
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-39852
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.44% / 35.94%
||
7 Day CHG~0.00%
Published-05 May, 2026 | 20:58
Updated-15 Jul, 2026 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Quarkus authorization bypass via semicolon path normalization inconsistency

Quarkus is a Java framework for building cloud-native applications. In versions prior to 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1, 3.34.7, and 3.35.2, a path normalization inconsistency between the security layer and the routing layer allows unauthenticated or lower-privileged users to bypass HTTP path-based authorization policies. Quarkus's security layer performs authorization checks on the raw URL path which preserves matrix parameters (semicolons), while RESTEasy Reactive's routing layer strips matrix parameters before matching endpoints. An attacker can append a semicolon and arbitrary text to a request URL (e.g., /api/admin;anything) to bypass policies protecting /api/admin while still routing to the protected endpoint. This issue has been fixed in versions 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1, 3.34.7, and 3.35.2.

Action-Not Available
Vendor-quarkusquarkusioRed Hat, Inc.
Product-quarkusquarkusCryostat 4 on RHEL 9Red Hat build of Apicurio Registry 2Red Hat Build of KeycloakRed Hat Process Automation 7Red Hat Fuse 7Red Hat build of Quarkus 3.20.6.SP1Streams for Apache Kafka 2.9.4Red Hat Build of Apache Camel 4.14 for Quarkus 3.27Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat build of Apicurio Registry 3streams for Apache Kafka 3Red Hat build of Debezium 3OpenShift ServerlessHawtIO HawtIO 4.4.0Red Hat build of Apache Camel 4 for Quarkus 3Red Hat build of Quarkus 3.27.3.SP1Red Hat build of OptaPlanner 8Red Hat OpenShift AI (RHOAI)
CWE ID-CWE-551
Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-35579
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-0.51% / 40.15%
||
7 Day CHG~0.00%
Published-05 May, 2026 | 20:29
Updated-15 Jul, 2026 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports

CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, the gRPC, QUIC, DoH, and DoH3 transport implementations incorrectly handle TSIG authentication. For gRPC and QUIC, the server checks whether the TSIG key name exists in the configuration but never calls dns.TsigVerify() to validate the HMAC. If the key name matches a configured key, the tsigStatus field remains nil and the tsig plugin treats the request as successfully authenticated regardless of the MAC value. For DoH and DoH3, the issue is more severe: the DoHWriter.TsigStatus() method unconditionally returns nil, and the server never inspects the TSIG record at all. Any request containing a TSIG record is treated as authenticated over DoH and DoH3, even if the key name is invalid and the MAC is arbitrary. An unauthenticated network attacker can exploit this to bypass TSIG-protected functionality such as AXFR/IXFR zone transfers, dynamic DNS updates, or other TSIG-gated plugin behavior. The DoH and DoH3 variants have a lower exploitation bar because the attacker does not need to know a valid TSIG key name. This issue has been fixed in version 1.14.3. As a workaround, disable gRPC, QUIC, DoH, and DoH3 listeners where TSIG authentication is required, or restrict network-level access to affected transport ports to trusted sources only.

Action-Not Available
Vendor-coredns.iocorednsRed Hat, Inc.
Product-corednscorednsRed Hat Advanced Cluster Management for Kubernetes 2Red Hat Advanced Cluster Management for Kubernetes 2.14Red Hat OpenShift Container Platform 4
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-303
Incorrect Implementation of Authentication Algorithm
CVE-2026-35029
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-26.41% / 97.78%
||
7 Day CHG~0.00%
Published-06 Apr, 2026 | 16:35
Updated-15 Jul, 2026 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LiteLLM affected by privilege escalation via unrestricted proxy configuration endpoint

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.0, the /config/update endpoint does not enforce admin role authorization. A user who is already authenticated into the platform can then use this endpoint to modify proxy configuration and environment variables, register custom pass-through endpoint handlers pointing to attacker-controlled Python code, achieving remote code execution, read arbitrary server files by setting UI_LOGO_PATH and fetching via /get_image, and take over other privileged accounts by overwriting UI_USERNAME and UI_PASSWORD environment variables. Fixed in v1.83.0.

Action-Not Available
Vendor-litellmBerriAIRed Hat, Inc.
Product-litellmlitellmLightspeed CoreRed Hat Ansible Automation Platform 2.6Red Hat OpenShift AI 2.25Red Hat OpenShift AI 3.3Red Hat OpenShift AI (RHOAI)
CWE ID-CWE-425
Direct Request ('Forced Browsing')
CWE ID-CWE-863
Incorrect Authorization
CVE-2014-0169
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.78% / 51.72%
||
7 Day CHG~0.00%
Published-02 Jan, 2020 | 19:09
Updated-06 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to access protected resources in another application without proper authorization. Although this is an intended functionality, it was not clearly documented which can mislead users into thinking that a security domain cache is isolated to a single application.

Action-Not Available
Vendor-Red Hat, Inc.
Product-jboss_enterprise_application_platformJBoss EAP
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-33557
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-9.1||CRITICAL
EPSS-0.58% / 43.87%
||
7 Day CHG~0.00%
Published-20 Apr, 2026 | 13:28
Updated-15 Jul, 2026 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Kafka: Missing JWT token validation in OAUTHBEARER authentication

A possible security vulnerability has been identified in Apache Kafka. By default, the broker property `sasl.oauthbearer.jwt.validator.class` is set to `org.apache.kafka.common.security.oauthbearer.DefaultJwtValidator`. It accepts any JWT token without validating its signature, issuer, or audience. An attacker can generate a JWT token from any issuer with the `preferred_username` set to any user, and the broker will accept it. We advise the Kafka users using kafka v4.1.0 or v4.1.1 to set the config `sasl.oauthbearer.jwt.validator.class` to `org.apache.kafka.common.security.oauthbearer.BrokerJwtValidator` explicitly to avoid this vulnerability. Since Kafka v4.1.2 and v4.2.0 and later, the issue is fixed and will correctly validate the JWT token.

Action-Not Available
Vendor-Red Hat, Inc.The Apache Software Foundation
Product-kafkaApache KafkaRed Hat build of Apicurio Registry 2Red Hat Process Automation 7Red Hat build of Debezium 2Red Hat Fuse 7Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat build of Apicurio Registry 3Red Hat build of Apache Camel for Spring Boot 4Red Hat Enterprise Linux 9Red Hat Data Grid 8streams for Apache Kafka 3Red Hat build of Debezium 3Red Hat Enterprise Linux 8OpenShift ServerlessRed Hat JBoss Enterprise Application Platform 7streams for Apache Kafka 2Red Hat build of Apache Camel 4 for Quarkus 3Red Hat JBoss Enterprise Application Platform 8Red Hat build of Quarkus
CWE ID-CWE-1285
Improper Validation of Specified Index, Position, or Offset in Input
CWE ID-CWE-303
Incorrect Implementation of Authentication Algorithm
CVE-2026-32597
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.27% / 18.64%
||
7 Day CHG~0.00%
Published-12 Mar, 2026 | 21:41
Updated-15 Jul, 2026 | 02:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC. This vulnerability is fixed in 2.12.0.

Action-Not Available
Vendor-pyjwt_projectjpadillaRed Hat, Inc.
Product-pyjwtpyjwtRed Hat Ansible Automation Platform 2.6 for RHEL 9Red Hat Enterprise Linux 9.4 Extended Update SupportRed Hat AI Inference ServerRed Hat AI Inference Server 3.3Red Hat Enterprise Linux AI 3.3Red Hat Satellite 6.18Red Hat Enterprise Linux 10Red Hat Ansible Automation Platform 2.5 for RHEL 8Red Hat Quay 3.16Red Hat OpenShift AI 3.3Red Hat OpenShift AI 2.25Red Hat Quay 3.9Red Hat Ansible Automation Platform 2.5 for RHEL 9Red Hat Trusted Artifact Signer 1.4Red Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Trusted Artifact SignerRed Hat Enterprise Linux 8Red Hat Ansible Automation Platform 2.5Red Hat Ansible Automation Platform 2Red Hat Satellite 6Red Hat Quay 3.12OpenShift LightspeedRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Ansible Automation Platform 2.6Red Hat Quay 3.10Red Hat OpenShift AI (RHOAI)Red Hat Quay 3.15
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-33217
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.26% / 17.44%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 19:43
Updated-15 Jul, 2026 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NATS allows MQTT clients to bypass ACL checks

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using ACLs on message subjects, these ACLs were not applied in the `$MQTT.>` namespace, allowing MQTT clients to bypass ACL checks for MQTT subjects. Versions 2.11.15 and 2.12.6 contain a fix. No known workarounds are available.

Action-Not Available
Vendor-nats-ioRed Hat, Inc.The Linux Foundation
Product-nats-servernats-serverMulticluster Global Hub 1.5.4Multicluster Global Hub 1.6.2Multicluster Global Hub 1.4.5Red Hat OpenShift Container Platform 4
CWE ID-CWE-425
Direct Request ('Forced Browsing')
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-2698
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.67% / 47.77%
||
7 Day CHG~0.00%
Published-12 Jun, 2024 | 08:03
Updated-20 Nov, 2025 | 07:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Freeipa: delegation rules allow a proxy service to impersonate any user to access another target service

A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If the target service argument is NULL, then it means the KDC is probing for general constrained delegation rules and not checking a specific S4U2Proxy request. In FreeIPA 4.11.0, the behavior of ipadb_match_acl() was modified to match the changes from upstream MIT Kerberos 1.20. However, a mistake resulting in this mechanism applies in cases where the target service argument is set AND where it is unset. This results in S4U2Proxy requests being accepted regardless of whether or not there is a matching service delegation rule.

Action-Not Available
Vendor-freeipaRed Hat, Inc.
Product-enterprise_linux_eusfreeipaenterprise_linuxRed Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-31892
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-8.9||HIGH
EPSS-0.41% / 33.52%
||
7 Day CHG~0.00%
Published-11 Mar, 2026 | 15:41
Updated-15 Jul, 2026 | 02:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in their Workflow submission. This works even when the controller is configured with templateReferencing: Strict, which is specifically documented as a mechanism to restrict users to admin-approved templates. The podSpecPatch field on a submitted Workflow takes precedence over the referenced WorkflowTemplate during spec merging and is applied directly to the pod spec at creation time with no security validation. This vulnerability is fixed in 4.0.2 and 3.7.11.

Action-Not Available
Vendor-argoprojargoprojRed Hat, Inc.
Product-argo_workflowsargo-workflowsRed Hat OpenShift AI 2.25Red Hat OpenShift AI (RHOAI)
CWE ID-CWE-807
Reliance on Untrusted Inputs in a Security Decision
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-3009
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-8.1||HIGH
EPSS-0.33% / 25.45%
||
7 Day CHG~0.00%
Published-05 Mar, 2026 | 18:27
Updated-15 Jul, 2026 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Org.keycloak/keycloak-services: improper enforcement of disabled identity provider in identitybrokerservice (authentication bypass)

A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider (IdP) even after it has been disabled by an administrator. An attacker who knows the IdP alias can reuse a previously generated login request to bypass the administrative restriction. This undermines access control enforcement and may allow unauthorized authentication through a disabled external provider.

Action-Not Available
Vendor-Red Hat, Inc.
Product-build_of_keycloakjboss_enterprise_application_platformsingle_sign-onjboss_enterprise_application_platform_expansion_packRed Hat build of Keycloak 26.4Red Hat Single Sign-On 7Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat JBoss Enterprise Application Platform 8Red Hat build of Keycloak 26.4.10Red Hat build of Keycloak 26.4Red Hat Single Sign-On 7Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat JBoss Enterprise Application Platform 8Red Hat build of Keycloak 26.4.10
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-28808
Matching Score-6
Assigner-6b3ad84c-e1a6-4bf7-a703-f496b71e49db
ShareView Details
Matching Score-6
Assigner-6b3ad84c-e1a6-4bf7-a703-f496b71e49db
CVSS Score-8.3||HIGH
EPSS-0.53% / 41.26%
||
7 Day CHG~0.00%
Published-07 Apr, 2026 | 12:28
Updated-15 Jul, 2026 | 04:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch)

Incorrect Authorization vulnerability in Erlang OTP (inets modules) allows unauthenticated access to CGI scripts protected by directory rules when served via script_alias. When script_alias maps a URL prefix to a directory outside DocumentRoot, mod_auth evaluates directory-based access controls against the DocumentRoot-relative path while mod_cgi executes the script at the ScriptAlias-resolved path. This path mismatch allows unauthenticated access to CGI scripts that directory rules were meant to protect. This vulnerability is associated with program files lib/inets/src/http_server/mod_alias.erl, lib/inets/src/http_server/mod_auth.erl, and lib/inets/src/http_server/mod_cgi.erl. This issue affects OTP from OTP 17.0 until OTP 28.4.2, 27.3.4.10 and 26.2.5.19 corresponding to inets from 5.10 until 9.6.2, 9.3.2.4 and 9.1.0.6.

Action-Not Available
Vendor-erlangErlangRed Hat, Inc.
Product-erlang\/inetserlang\/otpOTPRed Hat OpenStack Platform 16.2Red Hat OpenStack Platform 17.1Red Hat OpenStack Platform 18.0
CWE ID-CWE-551
Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-28229
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.65% / 47.12%
||
7 Day CHG~0.00%
Published-11 Mar, 2026 | 15:37
Updated-15 Jul, 2026 | 02:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Argo Workflows has unauthorized access to Argo Workflows Template

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 4.0.2 and 3.7.11, Workflow templates endpoints allow any client to retrieve WorkflowTemplates (and ClusterWorkflowTemplates). Any request with a Authorization: Bearer nothing token can leak sensitive template content, including embedded Secret manifests. This vulnerability is fixed in 4.0.2 and 3.7.11.

Action-Not Available
Vendor-argoprojargoprojRed Hat, Inc.
Product-argo_workflowsargo-workflowsRed Hat OpenShift AI 2.25Red Hat OpenShift AI (RHOAI)
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-27140
Matching Score-6
Assigner-Go Project
ShareView Details
Matching Score-6
Assigner-Go Project
CVSS Score-8.8||HIGH
EPSS-0.66% / 47.41%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 01:06
Updated-15 Jul, 2026 | 02:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Code execution vulnerability in SWIG code generation in cmd/go

SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass.

Action-Not Available
Vendor-Go toolchainRed Hat, Inc.Go
Product-gocmd/goRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsOpenShift Service Mesh 2Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat OpenShift Container Platform 4.17Red Hat OpenShift Container Platform 4.18Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat OpenShift Container Platform 4.19Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportOpenShift Service Mesh 3Red Hat Enterprise Linux 8Red Hat OpenShift Virtualization 4Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-641
Improper Restriction of Names for Files and Other Resources
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-2293
Matching Score-6
Assigner-Fluid Attacks
ShareView Details
Matching Score-6
Assigner-Fluid Attacks
CVSS Score-8.2||HIGH
EPSS-0.67% / 47.69%
||
7 Day CHG~0.00%
Published-27 Feb, 2026 | 16:15
Updated-15 Jul, 2026 | 02:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NestJS 11.1.13 - Lack of data validation allowing authentication/authorization bypass

A NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization middleware when Fastify path-normalization options are enabled. This issue affects nest.Js: 11.1.13.

Action-Not Available
Vendor-nestjsnest.jsRed Hat, Inc.
Product-nestnest.jsRed Hat Developer HubRed Hat OpenShift Container Platform 4
CWE ID-CWE-551
Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-22822
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.18% / 7.18%
||
7 Day CHG~0.00%
Published-21 Jan, 2026 | 21:22
Updated-15 Jul, 2026 | 02:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
External Secrets Operator insecurely retrieves secrets through the getSecretKey templating function

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Starting in version 0.20.2 and prior to version 1.2.0, the `getSecretKey` template function, while introduced for senhasegura Devops Secrets Management (DSM) provider, has the ability to fetch secrets cross-namespaces with the roleBinding of the external-secrets controller, bypassing our security mechanisms. This function was completely removed in version 1.2.0, as everything done with that templating function can be done in a different way while respecting External Secrets Operator's safeguards As a workaround, use a policy engine such as Kubernetes, Kyverno, Kubewarden, or OPA to prevent the usage of `getSecretKey` in any ExternalSecret resource.

Action-Not Available
Vendor-external-secretsexternal-secretsRed Hat, Inc.
Product-external_secrets_operatorexternal-secretsExternal Secrets Operator for Red Hat OpenShiftexternal secrets operator for Red Hat OpenShift - Tech Preview
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-10306
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.28% / 19.61%
||
7 Day CHG+0.02%
Published-23 Apr, 2025 | 09:59
Updated-30 Jun, 2026 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mod_proxy_cluster: mod_proxy_cluster unauthorized mcmp requests

A vulnerability was found in mod_proxy_cluster. The issue is that the <Directory> directive should be replaced by the <Location> directive as the former does not restrict IP/host access as `Require ip IP_ADDRESS` would suggest. This means that anyone with access to the host might send MCMP requests that may result in adding/removing/updating nodes for the balancing. However, this host should not be accessible to the public network as it does not serve the general traffic.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat JBoss Core ServicesRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 10
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-21721
Matching Score-6
Assigner-Grafana Labs
ShareView Details
Matching Score-6
Assigner-Grafana Labs
CVSS Score-8.1||HIGH
EPSS-0.65% / 46.94%
||
7 Day CHG~0.00%
Published-27 Jan, 2026 | 09:07
Updated-17 Jul, 2026 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dashboard Permissions Scope Bypass Enables Cross‑Dashboard Privilege Escalation

The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions:* action. As a result, a user who has permission management rights on one dashboard can read and modify permissions on other dashboards. This is an organization‑internal privilege escalation.

Action-Not Available
Vendor-Red Hat, Inc.Grafana Labs
Product-grafanagrafana/grafana-enterprisegrafana/grafanaRed Hat Enterprise Linux 9Multicluster Global HubRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Advanced Cluster Management for Kubernetes 2.11Red Hat Enterprise Linux 8Red Hat Advanced Cluster Management for Kubernetes 2.12Red Hat Advanced Cluster Management for Kubernetes 2.13Red Hat Ceph Storage 5Red Hat Enterprise Linux 10Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Ceph Storage 8Red Hat Ceph Storage 6
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-10295
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.39% / 31.01%
||
7 Day CHG~0.00%
Published-24 Oct, 2024 | 17:55
Updated-20 Mar, 2026 | 10:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gateway: apicast basic auth bypass via malformed base64 headerssending non-base64 'basic' auth with special characters causes apicast to incorrectly authenticate a request

A flaw was found in Gateway. Sending a non-base64 'basic' auth with special characters can cause APICast to incorrectly authenticate a request. A malformed basic authentication header containing special characters bypasses authentication and allows unauthorized access to the backend. This issue can occur due to a failure in the base64 decoding process, which causes APICast to skip the rest of the authentication checks and proceed with routing the request upstream.

Action-Not Available
Vendor-Red Hat, Inc.
Product-3scale_api_managementRed Hat 3scale API Management Platform 2
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-12773
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.61% / 45.31%
||
7 Day CHG~0.00%
Published-21 Jun, 2026 | 03:15
Updated-15 Jul, 2026 | 02:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BerriAI litellm MCP Proxy user_api_key_auth_mcp.py UserAPIKeyAuth improper authentication

A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function UserAPIKeyAuth of the file litellm/proxy/_experimental/mcp_server/auth/user_api_key_auth_mcp.py of the component MCP Proxy. Executing a manipulation can lead to improper authentication. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure.

Action-Not Available
Vendor-litellmBerriAIRed Hat, Inc.
Product-litellmlitellmRed Hat OpenShift AI (RHOAI)Exploit IntelligenceRed Hat Ansible Automation Platform 2
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-303
Incorrect Implementation of Authentication Algorithm
CVE-2023-4853
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-8.1||HIGH
EPSS-1.21% / 65.14%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 09:47
Updated-07 Nov, 2025 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Quarkus: http security policy bypass

A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service.

Action-Not Available
Vendor-quarkusRed Hat, Inc.
Product-jboss_middleware_text-only_advisoriesintegration_service_registryintegration_camel_kbuild_of_optaplannerquarkusprocess_automation_manageropenshift_container_platformenterprise_linuxjboss_middlewareopenshift_serverlessbuild_of_quarkusdecision_managerintegration_camel_quarkusRHINT Service Registry 2.5.4 GARed Hat Camel Extensions for Quarkus 2.13.3-1Red Hat OpenShift Serverless 1.30RHINT Camel-K-1.10.2Red Hat build of Quarkus 2.13.8.SP2Red Hat Process Automation 7RHEL-8 based Middleware ContainersRed Hat build of OptaPlanner 8RHPAM 7.13.4 asyncOpenshift Serverless 1 on RHEL 8
CWE ID-CWE-148
Improper Neutralization of Input Leaders
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-9572
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-0.35% / 27.03%
||
7 Day CHG~0.00%
Published-27 Feb, 2026 | 07:28
Updated-24 Mar, 2026 | 12:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foreman: satellite: graphql api permission bypass leads to information disclosure

n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass.

Action-Not Available
Vendor-The ForemanThe ForemanRed Hat, Inc.
Product-foremansatellitesatellite_capsuleenterprise_linuxRed Hat Satellite 6.16 for RHEL 8ForemanRed Hat Satellite 6.18 for RHEL 9Red Hat Satellite 6.17 for RHEL 9Red Hat Satellite 6.16 for RHEL 9Red Hat Satellite 6.15 for RHEL 8
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-4194
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.27% / 19.35%
||
7 Day CHG~0.00%
Published-07 Aug, 2023 | 13:19
Updated-24 Mar, 2026 | 12:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel: tap: tap_open(): correctly initialize socket uid next fix of i_uid to current_fsuid

A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid"), - 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter and that turns out to not be accurate.

Action-Not Available
Vendor-Debian GNU/LinuxLinux Kernel Organization, IncFedora ProjectRed Hat, Inc.
Product-debian_linuxlinux_kernelfedoraenterprise_linuxRed Hat Virtualization 4Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-3899
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.25% / 16.69%
||
7 Day CHG~0.00%
Published-23 Aug, 2023 | 10:49
Updated-20 Nov, 2025 | 07:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Subscription-manager: inadequate authorization of com.redhat.rhsm1 d-bus interface allows local users to modify configuration

A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.

Action-Not Available
Vendor-Red Hat, Inc.Fedora Project
Product-enterprise_linux_serverenterprise_linux_for_arm_64_eusenterprise_linux_server_update_services_for_sap_solutionsenterprise_linux_server_ausenterprise_linuxenterprise_linux_update_services_for_sap_solutionsenterprise_linux_desktopenterprise_linux_for_arm_64enterprise_linux_for_scientific_computingenterprise_linux_workstationfedorasubscription-managerenterprise_linux_eusenterprise_linux_for_ibm_z_systemsenterprise_linux_for_power_little_endian_eusenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsenterprise_linux_server_tusenterprise_linux_for_power_little_endianenterprise_linux_for_ibm_z_systems_eusenterprise_linux_for_power_big_endianRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.1 Update Services for SAP SolutionsRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.2 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Extended Update SupportRed Hat Enterprise Linux 8.4 Telecommunications Update ServiceRed Hat Enterprise Linux 9.0 Extended Update SupportRed Hat Enterprise Linux 7Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 6Red Hat Enterprise Linux 8.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 8
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-69196
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-7.4||HIGH
EPSS-0.36% / 28.06%
||
7 Day CHG~0.00%
Published-16 Mar, 2026 | 18:07
Updated-15 Jul, 2026 | 02:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FastMCP OAuth Proxy token reuse across MCP servers

FastMCP is the standard framework for building MCP applications. Prior to version 2.14.2, the server does not properly respect the resource parameter submitted by the client in the authorization and token request. Instead of issuing the token explicitly for the MCP server, the token is issued for the base_url passed to the OAuthProxy during initialization. This issue has been patched 2.14.2.

Action-Not Available
Vendor-jlowinjlowinRed Hat, Inc.
Product-fastmcpfastmcpRed Hat OpenShift AI (RHOAI)Red Hat Satellite 6.18Red Hat Developer Hub
CWE ID-CWE-1220
Insufficient Granularity of Access Control
CWE ID-CWE-863
Incorrect Authorization
  • Previous
  • 1
  • 2
  • Next
Details not found