Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Multicluster Global Hub 1.3.4

Source -

ADP

CNA CVEs -

0

ADP CVEs -

18

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
18Vulnerabilities found

CVE-2026-43869
Assigner-Apache Software Foundation
ShareView Details
Assigner-Apache Software Foundation
CVSS Score-7.3||HIGH
EPSS-0.63% / 45.85%
||
7 Day CHG+0.34%
Published-05 May, 2026 | 07:25
Updated-01 Jul, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Thrift: TSSLTransportFactory.java hostname verification

Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

Action-Not Available
Vendor-Red Hat, Inc.The Apache Software Foundation
Product-thriftApache ThriftOpenShift Service Mesh 2Cryostat 4 on RHEL 9Red Hat OpenStack Platform 18.0Red Hat Advanced Cluster Management for Kubernetes 2.15Multicluster Global Hub 1.3.4Multicluster Global Hub 1.6.2Multicluster Global Hub 1.7.1Red Hat Advanced Cluster Management for Kubernetes 2.16Red Hat AI Inference ServerRed Hat Fuse 7Red Hat Advanced Cluster Management for Kubernetes 2.13Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat Advanced Cluster Management for Kubernetes 2Multicluster Global HubRed Hat OpenShift distributed tracing 3.10.1Red Hat OpenShift distributed tracing 3Red Hat Data Grid 8Red Hat OpenShift Container Platform 4Red Hat Build of Apache Camel 3.33 for Quarkus 3.33.2.SP1Red Hat Enterprise Linux 8Multicluster Global Hub 1.5.4Red Hat build of Apache Camel 4 for Quarkus 3Red Hat OpenShift AI (RHOAI)Multicluster Global Hub 1.4.5
CWE ID-CWE-295
Improper Certificate Validation
CWE ID-CWE-297
Improper Validation of Certificate with Host Mismatch
CVE-2026-41607
Assigner-Apache Software Foundation
ShareView Details
Assigner-Apache Software Foundation
CVSS Score-6.5||MEDIUM
EPSS-0.97% / 57.41%
||
7 Day CHG+0.45%
Published-28 Apr, 2026 | 09:21
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Thrift: C++ JSON OOB read

Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

Action-Not Available
Vendor-The Apache Software FoundationRed Hat, Inc.
Product-thriftApache ThriftRed Hat OpenShift AI (RHOAI)Multicluster Global Hub 1.3.4Red Hat OpenShift Container Platform 4Multicluster Global Hub 1.5.4Multicluster Global Hub 1.4.5Red Hat OpenShift GitOpsRed Hat AI Inference ServerRed Hat OpenShift distributed tracing 3Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat Advanced Cluster Management for Kubernetes 2.15Multicluster Global Hub 1.6.2OpenShift Service Mesh 2Red Hat OpenShift distributed tracing 3.9.3
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-41606
Assigner-Apache Software Foundation
ShareView Details
Assigner-Apache Software Foundation
CVSS Score-5.3||MEDIUM
EPSS-1.14% / 62.82%
||
7 Day CHG+0.56%
Published-28 Apr, 2026 | 09:21
Updated-30 Jun, 2026 | 03:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Thrift: c_glib dispatch stack overflow

Uncontrolled Recursion vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

Action-Not Available
Vendor-The Apache Software FoundationRed Hat, Inc.
Product-thriftApache ThriftRed Hat OpenShift AI (RHOAI)Multicluster Global Hub 1.3.4Red Hat OpenShift Container Platform 4Multicluster Global Hub 1.5.4Multicluster Global Hub 1.4.5Red Hat OpenShift GitOpsRed Hat AI Inference ServerRed Hat OpenShift distributed tracing 3Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat Advanced Cluster Management for Kubernetes 2.15Multicluster Global Hub 1.6.2OpenShift Service Mesh 2Red Hat OpenShift distributed tracing 3.9.3
CWE ID-CWE-606
Unchecked Input for Loop Condition
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2026-41605
Assigner-Apache Software Foundation
ShareView Details
Assigner-Apache Software Foundation
CVSS Score-7.3||HIGH
EPSS-0.97% / 57.41%
||
7 Day CHG+0.42%
Published-28 Apr, 2026 | 09:20
Updated-30 Jun, 2026 | 03:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Thrift: Swift Compact Protocol integer overflow

Integer Overflow or Wraparound vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

Action-Not Available
Vendor-The Apache Software FoundationRed Hat, Inc.
Product-thriftApache ThriftRed Hat OpenShift AI (RHOAI)Multicluster Global Hub 1.3.4Red Hat OpenShift Container Platform 4Multicluster Global Hub 1.5.4Multicluster Global Hub 1.4.5Red Hat OpenShift GitOpsRed Hat AI Inference ServerRed Hat OpenShift distributed tracing 3Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat Advanced Cluster Management for Kubernetes 2.15Multicluster Global Hub 1.6.2OpenShift Service Mesh 2Red Hat OpenShift distributed tracing 3.9.3
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-41604
Assigner-Apache Software Foundation
ShareView Details
Assigner-Apache Software Foundation
CVSS Score-8.2||HIGH
EPSS-0.95% / 57.03%
||
7 Day CHG+0.37%
Published-28 Apr, 2026 | 09:20
Updated-30 Jun, 2026 | 03:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Thrift: Swift Range crash in skip()

Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

Action-Not Available
Vendor-The Apache Software FoundationRed Hat, Inc.
Product-thriftApache ThriftRed Hat OpenShift AI (RHOAI)Multicluster Global Hub 1.3.4Red Hat OpenShift Container Platform 4Multicluster Global Hub 1.5.4Multicluster Global Hub 1.4.5Red Hat OpenShift GitOpsRed Hat AI Inference ServerRed Hat OpenShift distributed tracing 3Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat Advanced Cluster Management for Kubernetes 2.15Multicluster Global Hub 1.6.2OpenShift Service Mesh 2Red Hat OpenShift distributed tracing 3.9.3
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-41603
Assigner-Apache Software Foundation
ShareView Details
Assigner-Apache Software Foundation
CVSS Score-7.4||HIGH
EPSS-0.59% / 44.04%
||
7 Day CHG+0.34%
Published-28 Apr, 2026 | 09:19
Updated-30 Jun, 2026 | 03:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Thrift: Java TSSLTransportFactory hostname verification

Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

Action-Not Available
Vendor-The Apache Software FoundationRed Hat, Inc.
Product-thriftApache ThriftRed Hat OpenShift AI (RHOAI)Multicluster Global Hub 1.3.4Red Hat OpenShift Container Platform 4Multicluster Global Hub 1.5.4Multicluster Global Hub 1.4.5Red Hat OpenShift GitOpsRed Hat AI Inference ServerRed Hat OpenShift distributed tracing 3Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat Advanced Cluster Management for Kubernetes 2.15Multicluster Global Hub 1.6.2OpenShift Service Mesh 2Red Hat OpenShift distributed tracing 3.9.3
CWE ID-CWE-295
Improper Certificate Validation
CWE ID-CWE-297
Improper Validation of Certificate with Host Mismatch
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-41602
Assigner-Apache Software Foundation
ShareView Details
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-1.16% / 63.37%
||
7 Day CHG+0.48%
Published-28 Apr, 2026 | 09:19
Updated-30 Jun, 2026 | 03:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Thrift: Go TFramedTransport uint32 overflow

Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implementation This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

Action-Not Available
Vendor-The Apache Software FoundationRed Hat, Inc.
Product-thriftApache ThriftRed Hat OpenShift AI (RHOAI)Multicluster Global Hub 1.5.4Multicluster Global Hub 1.4.5Red Hat Advanced Cluster Management for Kubernetes 2.16Multicluster Global Hub 1.7.1Red Hat Ceph Storage 6Red Hat Advanced Cluster Management for Kubernetes 2.15Multicluster Global Hub 1.6.2Red Hat OpenStack Platform 18.0Multicluster Global HubMulticluster Global Hub 1.3.4Red Hat OpenShift Container Platform 4Red Hat OpenShift GitOpsRed Hat Ceph Storage 5Red Hat AI Inference ServerRed Hat Ceph Storage 9OpenShift Service Mesh 2Red Hat OpenShift distributed tracing 3.9.3
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-21728
Assigner-Grafana Labs
ShareView Details
Assigner-Grafana Labs
CVSS Score-7.5||HIGH
EPSS-0.65% / 46.40%
||
7 Day CHG+0.26%
Published-24 Apr, 2026 | 08:00
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tempo query limit results in unbounded memory allocation

Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting max_result_limit in the search config, e.g. to 262144 (2^18).

Action-Not Available
Vendor-Red Hat, Inc.Grafana Labs
Product-tempoTempoMulticluster Global HubMulticluster Global Hub 1.3.4Multicluster Global Hub 1.5.4Multicluster Global Hub 1.4.5Red Hat Ceph Storage 5Multicluster Global Hub 1.7.1Red Hat OpenShift distributed tracing 3Logging Subsystem for Red Hat OpenShiftRed Hat Ceph Storage 6Red Hat Enterprise Linux 9Red Hat Advanced Cluster Management for Kubernetes 2Red Hat Ceph Storage 9Red Hat Enterprise Linux 10Multicluster Global Hub 1.6.2
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-32283
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.62% / 45.40%
||
7 Day CHG+0.17%
Published-08 Apr, 2026 | 01:06
Updated-03 Jul, 2026 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls

If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.

Action-Not Available
Vendor-Go standard libraryRed Hat, Inc.Go
Product-gocrypto/tlsCryostat 4 on RHEL 9Red Hat Ansible Automation Platform 2.6 for RHEL 9Red Hat build of Apicurio Registry 2Red Hat Openshift Data Foundation 4Zero Trust Workload Identity Manager - Tech PreviewRed Hat Quay 3Red Hat OpenShift distributed tracing 3.9.3Machine Deletion Remediation OperatorService Telemetry Framework 1.5mirror registry for Red Hat OpenShift 2Red Hat JBoss Web Server 6Red Hat Developer HubMulticluster Engine for KubernetesDeployment Validation OperatorZero Trust Workload Identity ManagerRed Hat Web Terminalstreams for Apache Kafka 3Multicluster Global Hub 1.5.4Red Hat 3scale API Management Platform 2Red Hat OpenShift GitOpsRed Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)External Secrets Operator for Red Hat OpenShiftRed Hat OpenShift on AWScert-manager Operator for Red Hat OpenShiftNetwork Observability OperatorRed Hat OpenShift Cluster Manager CLIRed Hat Enterprise Linux 7Custom Metric Autoscaler 2.19Red Hat OpenStack Platform 18.0Red Hat Enterprise Linux Server (v. 7 ELS)Gatekeeper 3Migration Toolkit for ContainersRed Hat Enterprise Linux 10Red Hat Ansible Automation Platform 2.5 for RHEL 8Red Hat Enterprise Linux AppStream (v. 8)Red Hat OpenShift Dev Workspaces OperatorRed Hat Advanced Cluster Management for Kubernetes 2Node HealthCheck OperatorRed Hat Ansible Automation Platform 2.5 for RHEL 9Red Hat Enterprise Linux 9OpenShift Service Mesh 3Red Hat Trusted Artifact SignerRed Hat Enterprise Linux 8Red Hat Ansible Automation Platform 2Red Hat build of Apache Camel - HawtIO 4OpenShift ServerlessRed Hat Advanced Cluster Security 4Migration Toolkit for Applications 8OpenShift LightspeedPower monitoring for Red Hat OpenShiftRed Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat AMQ Broker 7Red Hat Service Interconnect 2OpenShift Developer Tools and ServicesRed Hat OpenStack Platform 16.2Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Satellite 6.19 for RHEL 9ExternalDNS OperatorRed Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream (v. 10)OpenShift API for Data ProtectionOpenShift PipelinesFile Integrity OperatorSecurity Profiles OperatorRed Hat Certification Program for Red Hat Enterprise Linux 9Builds for Red Hat OpenShiftRed Hat Enterprise Linux AppStream E4S (v.9.4)Red Hat Satellite 6OpenShift Compliance Operator 1Red Hat Ansible Automation Platform 2.6 for RHEL 10Red Hat Enterprise Linux AppStream (v. 9)Red Hat Lightspeed (formerly Insights) for Runtimes 1Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)Red Hat OpenShift AI (RHOAI)Confidential Compute Attestationmirror registry for Red Hat OpenShiftOpenShift Service Mesh 2Red Hat Edge Manager 1Red Hat OpenShift Dev SpacesRed Hat Enterprise Linux AppStream E4S (v.8.6)Red Hat Enterprise Linux AppStream TUS (v.8.6)Multicluster Global Hub 1.3.4Multicluster Global Hub 1.6.2Logical Volume Manager StorageRed Hat Enterprise Linux AppStream EUS (v. 10.0)Fence Agents Remediation OperatorRed Hat Enterprise Linux AppStream E4S (v.9.0)Red Hat Satellite 6.16 for RHEL 8Red Hat Satellite 6.16 for RHEL 9Multicluster Global Hub 1.4.5Logging Subsystem for Red Hat OpenShiftRed Hat Enterprise Linux AI (RHEL AI) 3Red Hat Service Interconnect 1Red Hat OpenShift Container Platform 4Red Hat OpenShift Virtualization 4Red Hat OpenShift for Windows ContainersRed Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat Connectivity Link 1Red Hat Hardened ImagesRed Hat CodeReady Linux Builder EUS (v.9.6)
CWE ID-CWE-764
Multiple Locks of a Critical Resource
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-33816
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-9.8||CRITICAL
EPSS-0.56% / 42.53%
||
7 Day CHG+0.18%
Published-07 Apr, 2026 | 15:19
Updated-03 Jul, 2026 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2026-33816 in github.com/jackc/pgx

Memory-safety vulnerability in github.com/jackc/pgx/v5.

Action-Not Available
Vendor-jackcgithub.com/jackc/pgx/v5Red Hat, Inc.
Product-pgxgithub.com/jackc/pgx/v5/pgproto3Red Hat Advanced Cluster Security for Kubernetes 4.9Red Hat Edge Manager 1Cryostat 4 on RHEL 9Custom Metric Autoscaler 2.19Red Hat Advanced Cluster Management for Kubernetes 2.15Red Hat Openshift Data Foundation 4Zero Trust Workload Identity Manager - Tech PreviewMulticluster Global Hub 1.7.1Red Hat Advanced Cluster Management for Kubernetes 2.16Red Hat Quay 3Multicluster Global Hub 1.3.4Red Hat Advanced Cluster Security for Kubernetes 4.10Red Hat Enterprise Linux AppStream (v. 10)Multicluster Engine for KubernetesOpenShift PipelinesZero Trust Workload Identity ManagerRed Hat Trusted Artifact Signer 1.3Multicluster Global HubRed Hat Trusted Artifact SignerRed Hat 3scale API Management Platform 2Red Hat Advanced Cluster Security 4Red Hat Advanced Cluster Security for Kubernetes 4.8Custom Metric Autoscaler operator for Red Hat OpenshiftRed Hat Hardened ImagesRed Hat OpenShift AI (RHOAI)Red Hat OpenShift Pipelines 1.21
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-33815
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-9.8||CRITICAL
EPSS-0.60% / 44.61%
||
7 Day CHG+0.20%
Published-07 Apr, 2026 | 15:19
Updated-03 Jul, 2026 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2026-33815 in github.com/jackc/pgx

Memory-safety vulnerability in github.com/jackc/pgx/v5.

Action-Not Available
Vendor-jackcgithub.com/jackc/pgx/v5Red Hat, Inc.
Product-pgxgithub.com/jackc/pgx/v5/pgproto3Red Hat Advanced Cluster Security for Kubernetes 4.9Red Hat Edge Manager 1Cryostat 4 on RHEL 9Custom Metric Autoscaler 2.19Red Hat Advanced Cluster Management for Kubernetes 2.15Red Hat Openshift Data Foundation 4Zero Trust Workload Identity Manager - Tech PreviewMulticluster Global Hub 1.7.1Red Hat Advanced Cluster Management for Kubernetes 2.16Red Hat Quay 3Multicluster Global Hub 1.3.4Red Hat Advanced Cluster Security for Kubernetes 4.10Red Hat Enterprise Linux 10OpenShift PipelinesMulticluster Engine for KubernetesZero Trust Workload Identity ManagerRed Hat Trusted Artifact Signer 1.3Multicluster Global HubRed Hat Trusted Artifact SignerRed Hat 3scale API Management Platform 2Red Hat Advanced Cluster Security 4Red Hat Advanced Cluster Security for Kubernetes 4.8Custom Metric Autoscaler operator for Red Hat OpenshiftRed Hat Hardened ImagesRed Hat OpenShift AI (RHOAI)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-34986
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.65% / 46.67%
||
7 Day CHG+0.37%
Published-06 Apr, 2026 | 16:22
Updated-03 Jul, 2026 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Go JOSE affect by a panic in JWE decryption

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JWE) object will panic if the alg field indicates a key wrapping algorithm (one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW) and the encrypted_key field is empty. The panic happens when cipher.KeyUnwrap() in key_wrap.go attempts to allocate a slice with a zero or negative length based on the length of the encrypted_key. This code path is reachable from ParseEncrypted() / ParseEncryptedJSON() / ParseEncryptedCompact() followed by Decrypt() on the resulting object. Note that the parse functions take a list of accepted key algorithms. If the accepted key algorithms do not include any key wrapping algorithms, parsing will fail and the application will be unaffected. This panic is also reachable by calling cipher.KeyUnwrap() directly with any ciphertext parameter less than 16 bytes long, but calling this function directly is less common. Panics can lead to denial of service. This vulnerability is fixed in 4.1.4 and 3.0.5.

Action-Not Available
Vendor-go-jose_projectgo-joseRed Hat, Inc.
Product-go-josego-joseCryostat 4 on RHEL 9Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Openshift Data Foundation 4Zero Trust Workload Identity Manager - Tech PreviewRed Hat Quay 3Red Hat OpenShift distributed tracing 3.9.3Red Hat OpenShift GitOps 1.18Red Hat Quay 3.16Multicluster Engine for KubernetesRed Hat OpenShift Service Mesh 3.3Zero Trust Workload Identity ManagerRed Hat OpenShift Service Mesh 3.2Logging Subsystem for Red Hat OpenShift 6.4Red Hat OpenShift Container Platform 4.22Red Hat OpenShift Service Mesh 2.6Logging Subsystem for Red Hat OpenShift 6.0Red Hat Build of Podman DesktopMulticluster Global Hub 1.5.4Red Hat Build of Podman Desktop - Tech PreviewRed Hat OpenShift GitOpsRed Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)Red Hat Quay 3.10External Secrets Operator for Red Hat OpenShiftRed Hat OpenShift on AWScert-manager Operator for Red Hat OpenShiftNetwork Observability OperatorKernel Module Management Operator for Red Hat Openshiftmulticluster engine for Kubernetes 2.10Migration Toolkit for Virtualizationmulticluster engine for Kubernetes 2.9Red Hat OpenShift Cluster Manager CLICustom Metric Autoscaler 2.19Red Hat OpenStack Platform 18.0Red Hat OpenShift Container Platform 4.17Red Hat OpenShift Service Mesh 3.1Red Hat Advanced Cluster Security for Kubernetes 4.10Migration Toolkit for ContainersRed Hat Enterprise Linux 10Red Hat Enterprise Linux AppStream (v. 8)Red Hat OpenShift AI 3.3Red Hat Advanced Cluster Management for Kubernetes 2Node HealthCheck OperatorRed Hat Enterprise Linux 9Red Hat Quay 3.17OpenShift Service Mesh 3Red Hat Trusted Artifact SignerRed Hat Enterprise Linux 8Red Hat Ansible Automation Platform 2OpenShift ServerlessRed Hat Advanced Cluster Security 4Red Hat Quay 3.14Red Hat Quay 3.12OpenShift LightspeedPower monitoring for Red Hat OpenShiftRed Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat OpenShift AI 2.25OpenShift Developer Tools and ServicesRed Hat Advanced Cluster Security for Kubernetes 4.9Red Hat OpenShift Container Platform 4.21multicluster engine for Kubernetes 2.11Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream (v. 10)Red Hat Build of KueueOpenShift PipelinesSecurity Profiles OperatorRed Hat Openshift Data Foundation 4.19Red Hat Advanced Cluster Management for Kubernetes 2.14Red Hat Trusted Artifact Signer 1.3Red Hat Openshift Data Foundation 4.2Red Hat Enterprise Linux AppStream E4S (v.9.4)Red Hat Openshift Data Foundation 4.18Red Hat Enterprise Linux AppStream (v. 9)multicluster engine for Kubernetes 2.6Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)Red Hat OpenShift AI (RHOAI)Red Hat Quay 3.15Red Hat OpenShift Pipelines 1.21Confidential Compute Attestationmulticluster engine for Kubernetes 2.8OpenShift Service Mesh 2Red Hat OpenShift Pipelines 1.2Red Hat OpenShift Dev SpacesMulticluster Global Hub 1.3.4Multicluster Global Hub 1.6.2Logical Volume Manager StorageRed Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat OpenShift Container Platform 4.18Multicluster Global Hub 1.4.5Red Hat Quay 3.9Red Hat OpenShift Container Platform 4.19Logging Subsystem for Red Hat OpenShiftMulticluster Global HubRed Hat Openshift Data Foundation 4.17OpenShift API for Data Protection 1.4multicluster engine for Kubernetes 2.7Red Hat OpenShift Dev Spaces 3.27OpenShift API for Data Protection 1.5Red Hat OpenShift Virtualization 4Red Hat OpenShift for Windows ContainersRed Hat OpenShift Container Platform 4.20Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat Advanced Cluster Security for Kubernetes 4.8Red Hat Connectivity Link 1Red Hat OpenShift Container Platform 4
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CWE ID-CWE-248
Uncaught Exception
CVE-2026-32286
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.49% / 38.79%
||
7 Day CHG+0.14%
Published-26 Mar, 2026 | 19:40
Updated-01 Jul, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of service in github.com/jackc/pgproto3/v2

The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic.

Action-Not Available
Vendor-jackcgithub.com/jackc/pgproto3/v2Red Hat, Inc.
Product-pgproto3github.com/jackc/pgproto3/v2Red Hat OpenShift Cluster Manager CLIMulticluster Global Hub 1.3.4Multicluster Global Hub 1.6.2Red Hat Quay 3Red Hat Advanced Cluster Security for Kubernetes 4.8Red Hat Enterprise Linux AppStream (v. 10)Red Hat Quay 3.16Multicluster Engine for KubernetesRed Hat Advanced Cluster Management for Kubernetes 2Multicluster Global Hub 1.4.5Red Hat Quay 3.9Multicluster Global HubRed Hat Quay 3.17Red Hat Trusted Artifact SignerRed Hat Enterprise Linux 8Multicluster Global Hub 1.5.4Red Hat Advanced Cluster Security 4Red Hat Quay 3.14Red Hat Quay 3.12Red Hat Enterprise Linux AppStream (v. 9)Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat Quay 3.10Red Hat OpenShift on AWSRed Hat Hardened ImagesRed Hat OpenShift AI (RHOAI)Red Hat Quay 3.15Red Hat OpenShift Container Platform 4
CWE ID-CWE-1285
Improper Validation of Specified Index, Position, or Offset in Input
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2026-32285
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.75% / 50.43%
||
7 Day CHG+0.21%
Published-26 Mar, 2026 | 19:40
Updated-02 Jul, 2026 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of service in github.com/buger/jsonparser

The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack.

Action-Not Available
Vendor-jsonparser_projectgithub.com/buger/jsonparserRed Hat, Inc.
Product-jsonparsergithub.com/buger/jsonparsermulticluster engine for Kubernetes 2.8Red Hat OpenStack Platform 18.0Red Hat Advanced Cluster Management for Kubernetes 2.15Multicluster Global Hub 1.3.4Multicluster Global Hub 1.6.2Red Hat OpenShift distributed tracing 3.9.3Multicluster Global Hub 1.4.5Logging Subsystem for Red Hat OpenShiftLogging Subsystem for Red Hat OpenShift 6.4Red Hat Ansible Automation Platform 2Multicluster Global Hub 1.5.4Red Hat OpenShift GitOpsRed Hat OpenShift for Windows ContainersRed Hat Hardened Imagesmulticluster engine for Kubernetes 2.10Red Hat OpenShift Container Platform 4
CWE ID-CWE-1285
Improper Validation of Specified Index, Position, or Offset in Input
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2026-33487
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.30% / 21.58%
||
7 Day CHG+0.12%
Published-26 Mar, 2026 | 17:17
Updated-30 Jun, 2026 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
goxmldsig has validateSignature Loop Variable Capture Signature Bypass

goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the `validateSignature` function in `validate.go` goes through the references in the `SignedInfo` block to find one that matches the signed element's ID. In Go versions before 1.22, or when `go.mod` uses an older version, there is a loop variable capture issue. The code takes the address of the loop variable `_ref` instead of its value. As a result, if more than one reference matches the ID or if the loop logic is incorrect, the `ref` pointer will always end up pointing to the last element in the `SignedInfo.References` slice after the loop. goxmlsig version 1.6.0 contains a patch.

Action-Not Available
Vendor-goxmldsig_projectrussellhaeringRed Hat, Inc.
Product-goxmldsiggoxmldsigRed Hat OpenShift GitOps 1.18Multicluster Global Hub 1.3.4Multicluster Global Hub 1.5.4Multicluster Global Hub 1.4.5Red Hat Advanced Cluster Security 4Red Hat Enterprise Linux 9Red Hat OpenShift GitOps 1.19Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Advanced Cluster Management for Kubernetes 2.15Multicluster Global Hub 1.6.2
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-682
Incorrect Calculation
CVE-2026-33186
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-1.56% / 72.16%
||
7 Day CHG+1.03%
Published-20 Mar, 2026 | 22:23
Updated-03 Jul, 2026 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
gRPC-Go has an authorization bypass via missing leading slash in :path

gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, "deny" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback "allow" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific "deny" rules for canonical paths but allows other requests by default (a fallback "allow" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening.

Action-Not Available
Vendor-grpcgrpcRed Hat, Inc.
Product-grpcgrpc-goCryostat 4 on RHEL 9Red Hat OpenShift distributed tracing 3.9.3Red Hat Container Native Virtualization 4.20Red Hat Quay 3.16Multicluster Engine for KubernetesRed Hat OpenShift Service Mesh 3.3Deployment Validation OperatorRed Hat OpenShift Service Mesh 3.0Red Hat OpenShift Builds 1.6.5Red Hat OpenShift Service Mesh 2.6Multicluster Global Hub 1.5.4Red Hat 3scale API Management Platform 2Red Hat Build of Podman Desktop - Tech PreviewRed Hat OpenShift GitOpsRed Hat OpenShift Container Platform 4.12Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)Red Hat Quay 3.10Red Hat Web Terminal 1.15Migration Toolkit for VirtualizationRed Hat OpenShift Cluster Manager CLIRed Hat Trusted Profile AnalyzerRed Hat OpenStack Platform 18.0Red Hat OpenShift Container Platform 4.17Red Hat Container Native Virtualization 4.21Red Hat OpenShift Service Mesh 3.1Red Hat Advanced Cluster Security for Kubernetes 4.10Migration Toolkit for ContainersKube Descheduler OperatorRed Hat Advanced Cluster Management for Kubernetes 2Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8OpenShift Run Once Duration Override OperatorRed Hat Quay 3.14Migration Toolkit for Applications 8OpenShift Secondary Scheduler OperatorPower monitoring for Red Hat OpenShiftRed Hat OpenShift AI 2.25OpenShift Developer Tools and ServicesRed Hat OpenStack Platform 16.2Red Hat Web Terminal 1.14DevWorkspace Operator 0.4ExternalDNS OperatorRed Hat Advanced Cluster Management for Kubernetes 2.15Red Hat Enterprise Linux AppStream (v. 10)OpenShift PipelinesFile Integrity OperatorSecurity Profiles OperatorRed Hat Openshift Data Foundation 4.19Red Hat Advanced Cluster Management for Kubernetes 2.14Red Hat Trusted Artifact Signer 1.3Red Hat OpenShift Container Platform 4.13Red Hat Quay 3.15multicluster engine for Kubernetes 2.8Red Hat OpenShift Pipelines 1.2Red Hat AI Inference ServerSelf Node Remediation OperatorNetwork Observability (NETOBSERV) 1.11.2Red Hat OpenShift Container Platform 4.18Red Hat Satellite 6.16 for RHEL 8Red Hat Satellite 6.16 for RHEL 9Red Hat Quay 3.9Multicluster Global HubRed Hat Service Interconnect 1OpenShift API for Data Protection 1.4Storage-Based RemediationRed Hat OpenShift Dev Spaces 3.27Cryostat 4Red Hat OpenShift Virtualization 4Red Hat Advanced Cluster Security for Kubernetes 4.8Red Hat OpenShift Container Platform 4.16Red Hat CodeReady Linux Builder EUS (v.9.6)Red Hat OpenShift Container Platform 4Red Hat Developer Hub 1.8Red Hat Openshift Data Foundation 4Zero Trust Workload Identity Manager - Tech PreviewRed Hat Advanced Cluster Management for Kubernetes 2.16Red Hat Quay 3Machine Deletion Remediation OperatorRed Hat OpenShift GitOps 1.18Leader Worker SetService Telemetry Framework 1.5Red Hat OpenShift Container Platform 4.15Zero Trust Workload Identity ManagerRed Hat OpenShift Service Mesh 3.2Logging Subsystem for Red Hat OpenShift 6.4Red Hat Container Native Virtualization 4.18Red Hat Build of Podman DesktopExternal Secrets Operator for Red Hat OpenShiftcert-manager Operator for Red Hat OpenShiftKernel Module Management Operator for Red Hat Openshiftmulticluster engine for Kubernetes 2.10multicluster engine for Kubernetes 2.9Red Hat Enterprise Linux 7Red Hat Openshift Data Foundation 4.16Gatekeeper 3Red Hat Advanced Cluster Management for Kubernetes 2.13Red Hat Container Native Virtualization 4.19Red Hat Enterprise Linux 10Custom Metric Autoscaler operator for Red Hat OpenshiftRed Hat Enterprise Linux AppStream (v. 8)Red Hat OpenShift AI 3.3Red Hat OpenShift Dev Workspaces OperatorRed Hat Quay 3.17Red Hat Trusted Artifact SignerOpenShift Service Mesh 3Red Hat Ansible Automation Platform 2OpenShift ServerlessRed Hat Quay 3.12Red Hat Developer Hub 1.9OpenShift LightspeedRed Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Advanced Cluster Security for Kubernetes 4.9Red Hat OpenShift Container Platform 4.21multicluster engine for Kubernetes 2.11Red Hat Enterprise Linux AppStream EUS (v.9.6)OpenShift API for Data ProtectionRed Hat Build of KueueRed Hat Certification Program for Red Hat Enterprise Linux 9Builds for Red Hat OpenShiftRed Hat Openshift Data Foundation 4.2Red Hat Satellite 6OpenShift Compliance Operator 1Red Hat Openshift Data Foundation 4.18Red Hat Enterprise Linux AppStream (v. 9)Red Hat Lightspeed (formerly Insights) for Runtimes 1multicluster engine for Kubernetes 2.6Red Hat Web Terminal 1.13Red Hat OpenShift AI (RHOAI)Dynamic Accelerator Slicer Operator for Red Hat OpenShiftRed Hat OpenShift Pipelines 1.21Confidential Compute AttestationOpenShift Service Mesh 2Red Hat Edge Manager 1Multicluster Global Hub 1.3.4Multicluster Global Hub 1.6.2Logical Volume Manager StorageRed Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat OpenShift Container Platform 4.19Logging Subsystem for Red Hat OpenShiftRed Hat OpenShift Container Platform 4.14Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat OpenShift Builds 1.7.3OpenShift API for Data Protection 1.5Red Hat OpenShift GitOps 1.19Red Hat OpenShift for Windows ContainersJob Set Tech PreviewRed Hat OpenShift Container Platform 4.20Red Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat Connectivity Link 1Multicluster Global Hub 1.4.5
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-551
Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
CVE-2026-25679
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.73% / 49.68%
||
7 Day CHG+0.21%
Published-06 Mar, 2026 | 21:28
Updated-03 Jul, 2026 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect parsing of IPv6 host literals in net/url

url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.

Action-Not Available
Vendor-Go standard libraryRed Hat, Inc.Go
Product-gonet/urlCryostat 4 on RHEL 9Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat OpenShift distributed tracing 3.9.3Red Hat Quay 3.16Multicluster Engine for KubernetesRed Hat OpenShift Service Mesh 3.3Deployment Validation OperatorRed Hat OpenShift Service Mesh 3.0Red Hat OpenShift Builds 1.6.5Red Hat OpenShift Service Mesh 2.6Logging Subsystem for Red Hat OpenShift 6.0Multicluster Global Hub 1.5.4Red Hat 3scale API Management Platform 2Red Hat OpenShift GitOpsRed Hat OpenShift Container Platform 4.12Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)Red Hat Quay 3.10Red Hat OpenShift on AWSRed Hat Web Terminal 1.15Red Hat OpenShift Cluster Manager CLICustom Metric Autoscaler 2.19Red Hat OpenStack Platform 18.0Red Hat OpenShift Container Platform 4.17Red Hat OpenShift Service Mesh 3.1Red Hat Advanced Cluster Security for Kubernetes 4.10Migration Toolkit for ContainersRed Hat Enterprise Linux AppStream E4S (v.8.8)Node HealthCheck OperatorRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Quay 3.14Migration Toolkit for Applications 8Power monitoring for Red Hat OpenShiftOpenShift File Integrity Operator - FIO 1Red Hat OpenShift AI 2.25Red Hat Service Interconnect 2Red Hat OpenStack Services on OpenShift 18OpenShift Developer Tools and ServicesRed Hat OpenStack Platform 16.2Red Hat Web Terminal 1.14Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Satellite 6.19 for RHEL 9DevWorkspace Operator 0.4Red Hat Advanced Cluster Management for Kubernetes 2.15ExternalDNS OperatorRed Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux AI 3.3OpenShift PipelinesSecurity Profiles OperatorRed Hat Advanced Cluster Management for Kubernetes 2.14Red Hat Web Terminal 1.11Red Hat Trusted Artifact Signer 1.3Red Hat Enterprise Linux AppStream E4S (v.9.4)Red Hat OpenShift Container Platform 4.13Red Hat Ansible Automation Platform 2.6 for RHEL 10Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)Red Hat Quay 3.15mirror registry for Red Hat OpenShiftRed Hat Enterprise Linux AppStream TUS (v.8.6)Red Hat AMQ ClientsNetwork Observability (NETOBSERV) 1.11.2Red Hat Web Terminal 1.12Fence Agents Remediation OperatorRed Hat OpenShift Container Platform 4.18Red Hat Satellite 6.16 for RHEL 8Red Hat Satellite 6.16 for RHEL 9Red Hat Quay 3.9Red Hat Service Interconnect 1OpenShift API for Data Protection 1.4Red Hat OpenShift Dev Spaces 3.27Red Hat Update Infrastructure 5Red Hat OpenShift Virtualization 4Red Hat Advanced Cluster Security for Kubernetes 4.8Red Hat OpenShift Container Platform 4.16Red Hat Hardened ImagesRed Hat CodeReady Linux Builder EUS (v.9.6)Red Hat OpenShift Container Platform 4Red Hat Developer Hub 1.8Red Hat Ansible Automation Platform 2.6 for RHEL 9Red Hat Openshift Data Foundation 4Zero Trust Workload Identity Manager - Tech PreviewRed Hat Quay 3Machine Deletion Remediation OperatorRed Hat Enterprise Linux AppStream AUS (v. 8.2)Red Hat OpenStack 1.5Red Hat OpenShift Container Platform 4.15Zero Trust Workload Identity ManagerRed Hat OpenShift Service Mesh 3.2Logging Subsystem for Red Hat OpenShift 6.4streams for Apache Kafka 3External Secrets Operator for Red Hat OpenShiftcert-manager Operator for Red Hat OpenShiftRed Hat CodeReady Linux Builder EUS (v.9.4)Red Hat Enterprise Linux 7Red Hat Enterprise Linux Server (v. 7 ELS)Gatekeeper 3Red Hat Enterprise Linux 10Red Hat Ansible Automation Platform 2.5 for RHEL 8Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Ansible Automation Platform 2.5 for RHEL 9Red Hat Ansible Automation Platform 2Red Hat build of Apache Camel - HawtIO 4Logging Subsystem for Red Hat OpenShift 6.2OpenShift ServerlessRed Hat Quay 3.12Red Hat Developer Hub 1.9OpenShift LightspeedRed Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Ansible Automation Platform 2.6Red Hat Advanced Cluster Security for Kubernetes 4.9Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Satellite 6.18Red Hat Certification Program for Red Hat Enterprise Linux 9Red Hat Satellite 6OpenShift Compliance Operator 1Red Hat Enterprise Linux AppStream (v. 9)Red Hat Lightspeed (formerly Insights) for Runtimes 1Red Hat Web Terminal 1.13Red Hat OpenShift AI (RHOAI)Confidential Compute AttestationOpenShift Service Mesh 2Red Hat Edge Manager 1Red Hat Enterprise Linux AppStream E4S (v.8.6)Multicluster Global Hub 1.3.4Multicluster Global Hub 1.6.2Logical Volume Manager StorageRed Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux AppStream E4S (v.9.0)mirror registry for Red Hat OpenShift 2.0Red Hat OpenShift Container Platform 4.19Logging Subsystem for Red Hat OpenShiftRed Hat OpenShift Container Platform 4.14Red Hat OpenShift Builds 1.7.3OpenShift API for Data Protection 1.5Red Hat OpenShift for Windows ContainersRed Hat OpenShift Container Platform 4.20Red Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Connectivity Link 1Multicluster Global Hub 1.4.5
CWE ID-CWE-1286
Improper Validation of Syntactic Correctness of Input
CWE ID-CWE-425
Direct Request ('Forced Browsing')
CVE-2026-27137
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.61% / 44.66%
||
7 Day CHG+0.25%
Published-06 Mar, 2026 | 21:28
Updated-03 Jul, 2026 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect enforcement of email constraints in crypto/x509

When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.

Action-Not Available
Vendor-Go standard libraryRed Hat, Inc.Go
Product-gocrypto/x509Red Hat Openshift Data Foundation 4Zero Trust Workload Identity Manager - Tech PreviewRed Hat Quay 3Red Hat OpenShift distributed tracing 3.9.3Machine Deletion Remediation OperatorRed Hat OpenShift GitOps 1.18mirror registry for Red Hat OpenShift 2Service Telemetry Framework 1.5Red Hat Developer HubRed Hat Quay 3.16Multicluster Engine for KubernetesDeployment Validation OperatorZero Trust Workload Identity ManagerLogging Subsystem for Red Hat OpenShift 6.4Red Hat OpenShift Builds 1.6.5Logging Subsystem for Red Hat OpenShift 6.0streams for Apache Kafka 3Multicluster Global Hub 1.5.4Red Hat 3scale API Management Platform 2External Secrets Operator for Red Hat OpenShiftRed Hat OpenShift on AWSRed Hat Web Terminal 1.15Network Observability Operatorcert-manager Operator for Red Hat OpenShiftRed Hat OpenShift Cluster Manager CLIRed Hat Enterprise Linux 7Red Hat OpenShift GitOps 1.2Red Hat OpenStack Platform 18.0Gatekeeper 3Custom Metric Autoscaler operator for Red Hat OpenshiftMigration Toolkit for ContainersRed Hat Enterprise Linux 10Node HealthCheck OperatorRed Hat Enterprise Linux 9OpenShift Service Mesh 3Red Hat Enterprise Linux 8Red Hat Ansible Automation Platform 2Red Hat build of Apache Camel - HawtIO 4Logging Subsystem for Red Hat OpenShift 6.2Compliance OperatorOpenShift ServerlessRed Hat Advanced Cluster Security 4Migration Toolkit for Applications 8OpenShift LightspeedPower monitoring for Red Hat OpenShiftRed Hat Ansible Automation Platform 2.6Red Hat OpenShift AI 2.25Red Hat Service Interconnect 2OpenShift Developer Tools and ServicesRed Hat OpenStack Platform 16.2Red Hat Web Terminal 1.14DevWorkspace Operator 0.4ExternalDNS OperatorRed Hat Advanced Cluster Management for Kubernetes 2.15Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream (v. 10)Red Hat Satellite 6.18OpenShift PipelinesFile Integrity OperatorSecurity Profiles OperatorRed Hat Certification Program for Red Hat Enterprise Linux 9Red Hat Web Terminal 1.11Red Hat Trusted Artifact Signer 1.3Red Hat Satellite 6Red Hat Enterprise Linux AppStream (v. 9)Red Hat Lightspeed (formerly Insights) for Runtimes 1Red Hat Web Terminal 1.13Red Hat OpenShift AI (RHOAI)Confidential Compute Attestationmirror registry for Red Hat OpenShiftRed Hat Edge Manager 1OpenShift Service Mesh 2Multicluster Global Hub 1.3.4Multicluster Global Hub 1.6.2Logical Volume Manager StorageRed Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Web Terminal 1.12Fence Agents Remediation OperatorMulticluster Global Hub 1.4.5Logging Subsystem for Red Hat OpenShiftRed Hat Enterprise Linux AI (RHEL AI) 3Red Hat Service Interconnect 1Red Hat OpenShift Builds 1.7.3OpenShift API for Data Protection 1.4Red Hat OpenShift Dev Spaces 3.27Cryostat 4Red Hat OpenShift Virtualization 4OpenShift API for Data Protection 1.5Red Hat OpenShift GitOps 1.19Red Hat OpenShift for Windows ContainersRed Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat Connectivity Link 1Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-295
Improper Certificate Validation