Multicluster Global Hub 1.7.1

Source - ADP
CNA CVEs - 0
ADP CVEs - 7
CISA CVEs - 0
NVD CVEs - 0
7 Vulnerabilities found

CVE-2026-43869
Assigner-Apache Software Foundation
CVSS Score-7.3||HIGH
EPSS-0.63% / 45.85%
7 Day CHG+0.34%
Published-05 May, 2026 | 07:25
Updated-01 Jul, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Thrift: TSSLTransportFactory.java hostname verification

Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

Action-Not Available
Vendor-Red Hat, Inc.; The Apache Software Foundation
Product-thrift; Apache Thrift; OpenShift Service Mesh 2; Cryostat 4 on RHEL 9; Red Hat OpenStack Platform 18.0; Red Hat Advanced Cluster Management for Kubernetes 2.15; Multicluster Global Hub 1.3.4; Multicluster Global Hub 1.6.2; Multicluster Global Hub 1.7.1; Red Hat Advanced Cluster Management for Kubernetes 2.16; Red Hat AI Inference Server; Red Hat Fuse 7; Red Hat Advanced Cluster Management for Kubernetes 2.13; Red Hat JBoss Enterprise Application Platform Expansion Pack; Red Hat Advanced Cluster Management for Kubernetes 2; Multicluster Global Hub; Red Hat OpenShift distributed tracing 3.10.1; Red Hat OpenShift distributed tracing 3; Red Hat Data Grid 8; Red Hat OpenShift Container Platform 4; Red Hat Build of Apache Camel 3.33 for Quarkus 3.33.2.SP1; Red Hat Enterprise Linux 8; Multicluster Global Hub 1.5.4; Red Hat build of Apache Camel 4 for Quarkus 3; Red Hat OpenShift AI (RHOAI); Multicluster Global Hub 1.4.5
CWE ID-CWE-295
Improper Certificate Validation
CWE ID-CWE-297
Improper Validation of Certificate with Host Mismatch
CVE-2026-41602
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-1.16% / 63.37%
7 Day CHG+0.48%
Published-28 Apr, 2026 | 09:19
Updated-30 Jun, 2026 | 03:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Thrift: Go TFramedTransport uint32 overflow

Integer Overflow or Wraparound vulnerability in the Go language implementation of Apache Thrift TFramedTransport. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation; Red Hat, Inc.
Product-thrift; Apache Thrift; Red Hat OpenShift AI (RHOAI); Multicluster Global Hub 1.5.4; Multicluster Global Hub 1.4.5; Red Hat Advanced Cluster Management for Kubernetes 2.16; Multicluster Global Hub 1.7.1; Red Hat Ceph Storage 6; Red Hat Advanced Cluster Management for Kubernetes 2.15; Multicluster Global Hub 1.6.2; Red Hat OpenStack Platform 18.0; Multicluster Global Hub; Multicluster Global Hub 1.3.4; Red Hat OpenShift Container Platform 4; Red Hat OpenShift GitOps; Red Hat Ceph Storage 5; Red Hat AI Inference Server; Red Hat Ceph Storage 9; OpenShift Service Mesh 2; Red Hat OpenShift distributed tracing 3.9.3
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-21728
Assigner-Grafana Labs
CVSS Score-7.5||HIGH
EPSS-0.65% / 46.40%
7 Day CHG+0.26%
Published-24 Apr, 2026 | 08:00
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tempo query limit results in unbounded memory allocation

Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting max_result_limit in the search config, e.g. to 262144 (2^18).

Action-Not Available
Vendor-Red Hat, Inc.; Grafana Labs
Product-tempo; Tempo; Multicluster Global Hub; Multicluster Global Hub 1.3.4; Multicluster Global Hub 1.5.4; Multicluster Global Hub 1.4.5; Red Hat Ceph Storage 5; Multicluster Global Hub 1.7.1; Red Hat OpenShift distributed tracing 3; Logging Subsystem for Red Hat OpenShift; Red Hat Ceph Storage 6; Red Hat Enterprise Linux 9; Red Hat Advanced Cluster Management for Kubernetes 2; Red Hat Ceph Storage 9; Red Hat Enterprise Linux 10; Multicluster Global Hub 1.6.2
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-40293
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 19.78%
7 Day CHG+0.08%
Published-17 Apr, 2026 | 20:47
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenFGA Playground Preshared Key Exposure

OpenFGA is an authorization/permission engine built for developers. In versions 0.1.4 through 1.13.1, when OpenFGA is configured to use preshared-key authentication with the built-in playground enabled, the local server includes the preshared API key in the HTML response of the /playground endpoint. The /playground endpoint is enabled by default and does not require authentication. It is intended for local development and debugging and is not designed to be exposed to production environments. Only those who run OpenFGA with `--authn-method preshared`, with the playground enabled, and with the playground endpoint accessible beyond localhost or trusted networks are vulnerable. To remediate the issue, users should upgrade to OpenFGA v1.14.0, or disable the playground by running `./openfga run --playground-enabled=false`.

Action-Not Available
Vendor-openfga; openfga; Red Hat, Inc.
Product-openfga; openfga; Red Hat Ceph Storage 6; Multicluster Global Hub 1.7.1; Red Hat Ceph Storage 9; Red Hat Advanced Cluster Management for Kubernetes 2.15
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-201
Insertion of Sensitive Information Into Sent Data
CVE-2025-41118
Assigner-Grafana Labs
CVSS Score-9.1||CRITICAL
EPSS-0.41% / 32.56%
7 Day CHG+0.07%
Published-15 Apr, 2026 | 19:15
Updated-30 Jun, 2026 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sensitive COS `SecretKey` exposed in plaintext via configuration API due to missing type protection

Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage (COS). If the database is configured to use Tencent COS as the storage backend, an attacker could extract the secret_key configuration value from the Pyroscope API. To exploit this vulnerability, an attacker needs direct access to the Pyroscope API. We highly recommend limiting the public internet exposure of all our databases, such that they are only accessible by trusted users or internal systems. This vulnerability is fixed in versions: 1.15.x: 1.15.2 and above. 1.16.x: 1.16.1 and above. 1.17.x: 1.17.0 and above (i.e. all versions). Thanks to Théo Cusnir for reporting this vulnerability to us via our bug bounty program.

Action-Not Available
Vendor-Red Hat, Inc.; Grafana Labs
Product-pyroscope; Pyroscope; Multicluster Global Hub; Red Hat Ceph Storage 5; Multicluster Global Hub 1.7.1; Red Hat Ceph Storage 6; Red Hat Enterprise Linux 9; Red Hat Advanced Cluster Management for Kubernetes 2; Red Hat Enterprise Linux 10
CWE ID-CWE-201
Insertion of Sensitive Information Into Sent Data
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2026-33816
Assigner-Go Project
CVSS Score-9.8||CRITICAL
EPSS-0.56% / 42.53%
7 Day CHG+0.18%
Published-07 Apr, 2026 | 15:19
Updated-03 Jul, 2026 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2026-33816 in github.com/jackc/pgx

Memory-safety vulnerability in github.com/jackc/pgx/v5.

Action-Not Available
Vendor-jackc; github.com/jackc/pgx/v5; Red Hat, Inc.
Product-pgx; github.com/jackc/pgx/v5/pgproto3; Red Hat Advanced Cluster Security for Kubernetes 4.9; Red Hat Edge Manager 1; Cryostat 4 on RHEL 9; Custom Metric Autoscaler 2.19; Red Hat Advanced Cluster Management for Kubernetes 2.15; Red Hat Openshift Data Foundation 4; Zero Trust Workload Identity Manager - Tech Preview; Multicluster Global Hub 1.7.1; Red Hat Advanced Cluster Management for Kubernetes 2.16; Red Hat Quay 3; Multicluster Global Hub 1.3.4; Red Hat Advanced Cluster Security for Kubernetes 4.10; Red Hat Enterprise Linux AppStream (v. 10); Multicluster Engine for Kubernetes; OpenShift Pipelines; Zero Trust Workload Identity Manager; Red Hat Trusted Artifact Signer 1.3; Multicluster Global Hub; Red Hat Trusted Artifact Signer; Red Hat 3scale API Management Platform 2; Red Hat Advanced Cluster Security 4; Red Hat Advanced Cluster Security for Kubernetes 4.8; Custom Metric Autoscaler operator for Red Hat Openshift; Red Hat Hardened Images; Red Hat OpenShift AI (RHOAI); Red Hat OpenShift Pipelines 1.21
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-33815
Assigner-Go Project
CVSS Score-9.8||CRITICAL
EPSS-0.60% / 44.61%
7 Day CHG+0.20%
Published-07 Apr, 2026 | 15:19
Updated-03 Jul, 2026 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2026-33815 in github.com/jackc/pgx

Memory-safety vulnerability in github.com/jackc/pgx/v5.

Action-Not Available
Vendor-jackc; github.com/jackc/pgx/v5; Red Hat, Inc.
Product-pgx; github.com/jackc/pgx/v5/pgproto3; Red Hat Advanced Cluster Security for Kubernetes 4.9; Red Hat Edge Manager 1; Cryostat 4 on RHEL 9; Custom Metric Autoscaler 2.19; Red Hat Advanced Cluster Management for Kubernetes 2.15; Red Hat Openshift Data Foundation 4; Zero Trust Workload Identity Manager - Tech Preview; Multicluster Global Hub 1.7.1; Red Hat Advanced Cluster Management for Kubernetes 2.16; Red Hat Quay 3; Multicluster Global Hub 1.3.4; Red Hat Advanced Cluster Security for Kubernetes 4.10; Red Hat Enterprise Linux 10; OpenShift Pipelines; Multicluster Engine for Kubernetes; Zero Trust Workload Identity Manager; Red Hat Trusted Artifact Signer 1.3; Multicluster Global Hub; Red Hat Trusted Artifact Signer; Red Hat 3scale API Management Platform 2; Red Hat Advanced Cluster Security 4; Red Hat Advanced Cluster Security for Kubernetes 4.8; Custom Metric Autoscaler operator for Red Hat Openshift; Red Hat Hardened Images; Red Hat OpenShift AI (RHOAI)
CWE ID-CWE-787
Out-of-bounds Write