Byte Open Security (ByteOS Network)
Node HealthCheck Operator

Source: ADP
CNA CVEs: 0
ADP CVEs: 26
CISA CVEs: 0
NVD CVEs: 0

26 vulnerabilities found

CVE-2026-48779
Assigner: GitHub, Inc.
CVSS Score: 7.5 (HIGH)
EPSS: 0.78% / 51.49% (7-day change: +0.26%)
Published: 16 Jun, 2026 | 21:26
Updated: 02 Jul, 2026 | 12:05
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

ws: Memory exhaustion DoS from tiny fragments and data chunks

ws is an open source WebSocket client and server for Node.js. All versions from 1.1.0 up to (but not including) 5.2.5, from 6.0.0 up to 6.2.4, from 7.0.0 up to 7.5.11, and from 8.0.0 up to 8.21.0 are affected by a memory exhaustion DoS vulnerability. A peer can send a high volume of exceptionally small fragments and data chunks, with modest network traffic, to force the remote peer into allocating and holding structural wrappers that consume far more memory than the default documented message-size limit, leading to process termination due to OOM. This issue has been fixed in versions 5.2.5, 6.2.4, 7.5.11, and 8.21.0.
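The accounting gap the description points at, shown as an added JavaScript illustration rather than ws's own code: the first assembler enforces the message limit on payload bytes only, so a peer sending 1-byte fragments stays under it while the per-chunk bookkeeping grows without bound; the second charges each chunk a fixed overhead against the same budget and caps the chunk count. The 96-byte overhead figure and the 64 KiB limit are assumptions for the example.

```javascript
// Added illustration of the accounting gap behind the ws advisory; this is not
// ws's code and the overhead figure below is an assumption for the example.

// Bookkeeping cost assumed per buffered chunk (object header, length, array slot).
// The real figure depends on the engine, but it dwarfs a 1-byte payload either way.
const ASSUMED_CHUNK_OVERHEAD = 96;

// Vulnerable pattern: the limit is checked against payload bytes only, so a peer
// can stay under it indefinitely by sending 1-byte fragments.
class PayloadOnlyAssembler {
  constructor(maxPayload) {
    this.maxPayload = maxPayload;
    this.chunks = [];
    this.payloadBytes = 0;
  }
  push(chunk) {
    if (this.payloadBytes + chunk.length > this.maxPayload) return false;
    this.chunks.push(chunk);
    this.payloadBytes += chunk.length;
    return true;
  }
  estimatedMemory() {
    return this.payloadBytes + this.chunks.length * ASSUMED_CHUNK_OVERHEAD;
  }
}

// Hardened pattern: charge each chunk its payload plus the fixed overhead against
// the same budget, and cap the chunk count outright, so tiny fragments cannot
// escape the limit.
class BudgetedAssembler extends PayloadOnlyAssembler {
  constructor(maxPayload, maxChunks) {
    super(maxPayload);
    this.maxChunks = maxChunks;
  }
  push(chunk) {
    const cost = chunk.length + ASSUMED_CHUNK_OVERHEAD;
    if (this.chunks.length >= this.maxChunks) return false;
    if (this.estimatedMemory() + cost > this.maxPayload) return false;
    this.chunks.push(chunk);
    this.payloadBytes += chunk.length;
    return true;
  }
}

// Feed `count` one-byte fragments (constructed input standing in for a hostile
// peer) and report how many were accepted and how much memory is now held.
function floodWithTinyFragments(assembler, count) {
  let accepted = 0;
  for (let i = 0; i < count; i++) {
    if (!assembler.push(Buffer.alloc(1, 0x41))) break;
    accepted++;
  }
  return { accepted, estimatedMemory: assembler.estimatedMemory() };
}

const LIMIT = 64 * 1024; // a 64 KiB message limit for the demonstration
console.log('payload-only:', floodWithTinyFragments(new PayloadOnlyAssembler(LIMIT), 50000));
console.log('budgeted:    ', floodWithTinyFragments(new BudgetedAssembler(LIMIT, 1024), 50000));
```

With the 64 KiB limit the payload-only assembler accepts all 50,000 fragments while holding roughly 4.8 MB, about 74 times its nominal limit; the budgeted assembler stops at 675 chunks and stays inside it. The same reasoning applies to any buffer that is bounded by content length alone.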

Action: Not Available
Vendor: ws_project; websockets; Red Hat, Inc.
Product: ws; ws; Red Hat Openshift Data Foundation 4; Red Hat Build of Keycloak; Red Hat Quay 3; OpenShift Pipelines; Red Hat OpenShift Service Mesh 3.3; Red Hat OpenShift Service Mesh 3.0; Red Hat OpenShift Service Mesh 3.2; Red Hat OpenShift Service Mesh 2.6; Red Hat Build of Podman Desktop; Red Hat Build of Podman Desktop - Tech Preview; Red Hat Satellite 6; Red Hat Discovery 2; Cluster Observability Operator 1.5.0; Red Hat JBoss Enterprise Application Platform 8; Red Hat OpenShift AI (RHOAI); Self-service automation portal 2; Red Hat OpenShift Dev Spaces; Red Hat OpenShift Service Mesh 3.1; Red Hat Fuse 7; Gatekeeper 3; Migration Toolkit for Containers; Red Hat Enterprise Linux 10; Red Hat JBoss Enterprise Application Platform Expansion Pack; Node HealthCheck Operator; Red Hat Enterprise Linux AI (RHEL AI) 3; Red Hat Enterprise Linux 9; Red Hat build of Apache Camel for Spring Boot 4; Red Hat Data Grid 8; Red Hat Trusted Artifact Signer; OpenShift Service Mesh 3; Red Hat Ansible Automation Platform 2; Red Hat Enterprise Linux 8; Red Hat build of Apache Camel - HawtIO 4; Cryostat 4; Red Hat OpenShift Virtualization 4; Red Hat Developer Hub 1.9; OpenShift Lightspeed; Red Hat AMQ Broker 7; Red Hat Connectivity Link 1; Red Hat Hardened Images; Red Hat OpenShift Container Platform 4
CWE-1050: Excessive Platform Resource Consumption within a Loop
CWE-400: Uncontrolled Resource Consumption
CWE-770: Allocation of Resources Without Limits or Throttling

CVE-2026-12143
Assigner: 7ffcee3d-2c14-4c3e-b844-86c6a321a158
CVSS Score: 8.7 (HIGH)
EPSS: 0.41% / 32.79% (7-day change: +0.08%)
Published: 12 Jun, 2026 | 18:01
Updated: 02 Jul, 2026 | 12:05
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

form-data does not escape CR/LF/quote in multipart field names and filenames (CRLF injection)

form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the `field` argument to `FormData#append` and the `filename` option are concatenated verbatim into the `Content-Disposition` header without escaping carriage return (CR), line feed (LF), or double-quote (") characters. An application that passes attacker-controlled data as a field name or filename (for example, an API gateway that turns JSON object keys into multipart field names) allows the attacker to terminate the header line and inject additional headers, or to smuggle entire additional multipart parts, into the request the application forwards to a backend. This can let the attacker add or override form fields (e.g. set `is_admin=true`) seen by the downstream parser. This is an instance of CWE-93 (CRLF injection). The fix escapes CR, LF, and `"` as `%0D`, `%0A`, and `%22` in field names and filenames, matching the serialization browsers use per the WHATWG HTML multipart/form-data encoding algorithm. Exploitation requires the consuming application to use untrusted input as a field name or filename; applications that use only fixed/trusted field names are not affected. Fixed in 2.5.6, 3.0.5, and 4.0.6.
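The injection and the fix, as an added JavaScript example that is not form-data's own code: the unsafe serializer interpolates the field name verbatim, the fixed one applies the %0D/%0A/%22 escaping the description names, and a deliberately lenient stand-in parser shows what a backend would see in each case. The boundary, the field names and the parser are constructed for the example; smuggling a whole extra part requires the attacker to know or predict the boundary, whereas injecting headers into the same part needs only the CRLF.

```javascript
// Added illustration of the form-data CRLF issue and its fix; this is not
// form-data's own code. The boundary, field names and the toy parser are
// constructed for the example.

// Vulnerable serialization: field name and filename are interpolated verbatim.
function dispositionUnsafe(field, filename) {
  let header = `Content-Disposition: form-data; name="${field}"`;
  if (filename !== undefined) header += `; filename="${filename}"`;
  return header;
}

// Fixed serialization: CR, LF and '"' become %0D, %0A and %22, the encoding
// browsers apply under the WHATWG multipart/form-data algorithm.
function escapeName(value) {
  return String(value).replace(/\r/g, '%0D').replace(/\n/g, '%0A').replace(/"/g, '%22');
}
function dispositionSafe(field, filename) {
  return dispositionUnsafe(escapeName(field), filename === undefined ? undefined : escapeName(filename));
}

// Assemble a multipart/form-data body from { name, value, filename? } entries.
function buildBody(boundary, fields, disposition) {
  let body = '';
  for (const f of fields) {
    body += `--${boundary}\r\n${disposition(f.name, f.filename)}\r\n\r\n${f.value}\r\n`;
  }
  return body + `--${boundary}--\r\n`;
}

// Stand-in for a lenient backend parser: split on the delimiter, read each
// part's name from its headers and the bytes after the blank line as its value.
function parseParts(body, boundary) {
  const closing = `--${boundary}--\r\n`;
  const parts = [];
  for (const raw of body.split(`--${boundary}\r\n`)) {
    if (raw === '' || raw === closing) continue;
    const sep = raw.indexOf('\r\n\r\n');
    const headers = raw.slice(0, sep);
    let value = raw.slice(sep + 4);
    if (value.endsWith(closing)) value = value.slice(0, -closing.length);
    if (value.endsWith('\r\n')) value = value.slice(0, -2);
    const m = /name="([^"]*)"/.exec(headers);
    parts.push({ name: m ? m[1] : null, value });
  }
  return parts;
}

// Attacker-controlled field name: closes the quoted name, ends the header block
// and opens a second part named is_admin.
const BOUNDARY = 'exampleboundary0123456789';
const HOSTILE_NAME = `avatar"\r\n\r\nx\r\n--${BOUNDARY}\r\nContent-Disposition: form-data; name="is_admin`;

// Build the forwarded request from untrusted keys and see what the backend parses.
function forwardAndParse(disposition) {
  const body = buildBody(BOUNDARY, [
    { name: 'username', value: 'alice' },
    { name: HOSTILE_NAME, value: 'true' },
  ], disposition);
  return parseParts(body, BOUNDARY);
}

console.log(forwardAndParse(dispositionUnsafe).map((p) => p.name)); // [ 'username', 'avatar', 'is_admin' ]
console.log(forwardAndParse(dispositionSafe).map((p) => p.name));   // two parts, no is_admin
```

The escaped form keeps the hostile text inside one quoted name, so `--exampleboundary0123456789` followed by `%0D%0A` never matches the delimiter the backend splits on. The same check applies to `filename`, which the description says is concatenated the same way.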

Action: Not Available
Vendor: form-data; Red Hat, Inc.
Product: form-data; Red Hat Openshift Data Foundation 4; Red Hat Quay 3; Red Hat Developer Hub; OpenShift Pipelines; Multicluster Engine for Kubernetes; Red Hat OpenShift Service Mesh 3.3; Red Hat OpenShift Service Mesh 3.0; Red Hat OpenShift Service Mesh 3.2; Red Hat OpenShift Service Mesh 2.6; Red Hat Build of Podman Desktop; Red Hat 3scale API Management Platform 2; Red Hat JBoss Enterprise Application Platform 7; Red Hat Build of Podman Desktop - Tech Preview; Red Hat Satellite 6; Red Hat OpenShift GitOps; Red Hat Discovery 2; Cluster Observability Operator 1.5.0; Red Hat JBoss Enterprise Application Platform 8; Network Observability Operator; Red Hat OpenShift AI (RHOAI); Red Hat Enterprise Linux 7; Red Hat Trusted Profile Analyzer; Red Hat OpenShift Dev Spaces; Self-service automation portal 2; Red Hat OpenShift Service Mesh 3.1; Red Hat Fuse 7; Migration Toolkit for Containers; Red Hat Enterprise Linux 10; Red Hat JBoss Enterprise Application Platform Expansion Pack; Red Hat build of Apicurio Registry 3; Red Hat Advanced Cluster Management for Kubernetes 2; Node HealthCheck Operator; Red Hat Enterprise Linux AI (RHEL AI) 3; Red Hat build of Apache Camel for Spring Boot 4; Red Hat Enterprise Linux 9; Red Hat Data Grid 8; Red Hat Trusted Artifact Signer; OpenShift Service Mesh 3; Red Hat Ansible Automation Platform 2; Red Hat Enterprise Linux 8; Red Hat build of Apache Camel - HawtIO 4; Cryostat 4; Red Hat Advanced Cluster Security 4; Red Hat OpenShift Virtualization 4; Migration Toolkit for Applications 8; Red Hat AMQ Broker 7; Red Hat Hardened Images; Red Hat OpenShift Container Platform 4
CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')

CVE-2026-27145
Assigner: Go Project
CVSS Score: 6.5 (MEDIUM)
EPSS: 0.76% / 50.87% (7-day change: +0.20%)
Published: 02 Jun, 2026 | 22:01
Updated: 03 Jul, 2026 | 12:04
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Inefficient candidate hostname parsing in crypto/x509

(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occurred even for untrusted certificates.

Action: Not Available
Vendor: Go standard library; Red Hat, Inc.
Product: crypto/x509; Zero Trust Workload Identity Manager - Tech Preview; Red Hat Openshift Data Foundation 4; Red Hat Quay 3; Machine Deletion Remediation Operator; Service Telemetry Framework 1.5; mirror registry for Red Hat OpenShift 2; Multiarch Tuning Operator; Multicluster Engine for Kubernetes; Red Hat Ceph Storage 7; Deployment Validation Operator; Zero Trust Workload Identity Manager; Red Hat Web Terminal; streams for Apache Kafka 3; Red Hat 3scale API Management Platform 2; Red Hat OpenShift GitOps; External Secrets Operator for Red Hat OpenShift; Red Hat OpenShift on AWS; cert-manager Operator for Red Hat OpenShift; Network Observability Operator; Red Hat OpenShift Cluster Manager CLI; Red Hat Enterprise Linux 7; Red Hat OpenStack Platform 18.0; Gatekeeper 3; Custom Metric Autoscaler operator for Red Hat Openshift; Migration Toolkit for Containers; Red Hat Enterprise Linux 10; Red Hat OpenShift Dev Workspaces Operator; Red Hat Advanced Cluster Management for Kubernetes 2; Node HealthCheck Operator; Red Hat Enterprise Linux 9; Red Hat OpenShift distributed tracing 3; OpenShift Service Mesh 3; Red Hat Trusted Artifact Signer; Red Hat Enterprise Linux 8; Red Hat Ansible Automation Platform 2; OpenShift Serverless; Red Hat Ceph Storage 9; Compliance Operator; OpenShift Source-to-Image (S2I); Migration Toolkit for Applications 8; Red Hat Advanced Cluster Security 4; Red Hat Developer Hub 1.9; OpenShift Lightspeed; Power monitoring for Red Hat OpenShift; Red Hat Service Interconnect 2; Red Hat OpenStack Platform 16.2; OpenShift Developer Tools and Services; Red Hat Ceph Storage 5; Red Hat Enterprise Linux AppStream (v. 10); OpenShift API for Data Protection; OpenShift Pipelines; File Integrity Operator; Security Profiles Operator; Builds for Red Hat OpenShift; Red Hat Satellite 6; streams for Apache Kafka 2; Red Hat Ceph Storage 8; Red Hat Enterprise Linux AppStream (v. 9); Red Hat OpenShift AI (RHOAI); Confidential Compute Attestation; Red Hat Edge Manager 1; OpenShift Service Mesh 2; Red Hat OpenShift Dev Spaces; Logical Volume Manager Storage; Fence Agents Remediation Operator; Logging Subsystem for Red Hat OpenShift; Red Hat Lightspeed for Runtimes Operator; Red Hat Enterprise Linux AI (RHEL AI) 3; Multicluster Global Hub; Cryostat 4; Red Hat OpenShift Virtualization 4; Red Hat OpenShift for Windows Containers; Red Hat OpenStack Platform 17.1; Assisted Installer for Red Hat OpenShift Container Platform 2; Red Hat Ceph Storage 6; Red Hat Connectivity Link 1; Red Hat Hardened Images; Red Hat OpenShift Container Platform 4
CWE-606: Unchecked Input for Loop Condition

CVE-2024-52011
Assigner: GitHub, Inc.
CVSS Score: 7.5 (HIGH)
EPSS: 0.50% / 38.91% (7-day change: -0.03%)
Published: 01 Jun, 2026 | 17:17
Updated: 02 Jul, 2026 | 12:05
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

launch-editor vulnerable to command injection via a crafted request on Windows

launch-editor allows users to open files, positioned at a given line number, in an editor from Node.js. Prior to version 2.9.0, due to insufficient sanitization of the `file` argument in `launchEditor`, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters. This issue has been fixed in `launch-editor` version 2.9.0, corresponding to vite version 5.4.9.

Action: Not Available
Vendor: vitejs; Red Hat, Inc.
Product: launch-editor; vite; OpenShift Service Mesh 2; Self-service automation portal 2; Red Hat OpenShift Dev Spaces; Red Hat Build of Keycloak; Red Hat Quay 3; Migration Toolkit for Containers; Red Hat Developer Hub; OpenShift Pipelines; Red Hat JBoss Enterprise Application Platform Expansion Pack; Node HealthCheck Operator; Red Hat Enterprise Linux AI (RHEL AI) 3; Red Hat Data Grid 8; OpenShift Service Mesh 3; Red Hat Ansible Automation Platform 2; Red Hat Build of Podman Desktop; Red Hat build of Apache Camel - HawtIO 4; Cryostat 4; Red Hat Build of Podman Desktop - Tech Preview; Red Hat OpenShift Virtualization 4; Red Hat Discovery 2; OpenShift Lightspeed; Cluster Observability Operator 1.5.0; Red Hat AMQ Broker 7; Red Hat JBoss Enterprise Application Platform 8; Red Hat OpenShift AI (RHOAI); Red Hat OpenShift Container Platform 4
CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVE-2026-39821
Assigner: Go Project
CVSS Score: 9.6 (CRITICAL)
EPSS: 0.48% / 37.81% (7-day change: +0.13%)
Published: 22 May, 2026 | 15:01
Updated: 02 Jul, 2026 | 12:04
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program that performs privilege checks on the ASCII hostname may reject "example.com" but permit "xn--example-.com". If that program subsequently converts the ASCII hostname to Unicode, it inadvertently permits access to the Unicode name "example.com".
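The equivalence bypass and the check that closes it, as an added JavaScript illustration rather than Go's code (the page's other entries are Node.js libraries, so one language is used for all examples here). It carries a minimal RFC 3492 Punycode decoder, with no IDNA2008 validation beyond the ASCII-only rule, a lenient and a strict `ToUnicode`-style conversion, and the check-then-convert flow from the description against a constructed blocked-host policy.

```javascript
// Added illustration in JavaScript of the check the x/net/idna fix adds; it is
// not Go's code. The Punycode decoder is a minimal RFC 3492 implementation
// without IDNA2008 validation, and the blocked-host policy is constructed.

const BASE = 36, TMIN = 1, TMAX = 26, SKEW = 38, DAMP = 700;
const INITIAL_BIAS = 72, INITIAL_N = 128;

// Bias adaptation, RFC 3492 section 6.1.
function adapt(delta, numPoints, firstTime) {
  delta = firstTime ? Math.floor(delta / DAMP) : delta >> 1;
  delta += Math.floor(delta / numPoints);
  let k = 0;
  while (delta > ((BASE - TMIN) * TMAX) >> 1) {
    delta = Math.floor(delta / (BASE - TMIN));
    k += BASE;
  }
  return k + Math.floor(((BASE - TMIN + 1) * delta) / (delta + SKEW));
}

function digitValue(ch) {
  const c = ch.charCodeAt(0);
  if (c >= 0x30 && c <= 0x39) return c - 22;   // '0'..'9' -> 26..35
  if (c >= 0x41 && c <= 0x5a) return c - 0x41; // 'A'..'Z' -> 0..25
  if (c >= 0x61 && c <= 0x7a) return c - 0x61; // 'a'..'z' -> 0..25
  throw new Error(`invalid Punycode digit ${JSON.stringify(ch)}`);
}

// Decode the part of a label after the "xn--" prefix, RFC 3492 section 6.2.
function punycodeDecode(input) {
  const output = [];
  const basic = input.lastIndexOf('-');
  for (let j = 0; j < Math.max(basic, 0); j++) {
    if (input.charCodeAt(j) >= 0x80) throw new Error('non-ASCII in basic part');
    output.push(input.charCodeAt(j));
  }
  let n = INITIAL_N, bias = INITIAL_BIAS, i = 0;
  for (let idx = basic >= 0 ? basic + 1 : 0; idx < input.length; ) {
    const oldi = i;
    for (let w = 1, k = BASE; ; k += BASE) {
      if (idx >= input.length) throw new Error('truncated Punycode');
      const digit = digitValue(input[idx++]);
      i += digit * w;
      const t = k <= bias ? TMIN : k >= bias + TMAX ? TMAX : k - bias;
      if (digit < t) break;
      w *= BASE - t;
    }
    bias = adapt(i - oldi, output.length + 1, oldi === 0);
    n += Math.floor(i / (output.length + 1));
    i %= output.length + 1;
    output.splice(i++, 0, n);
  }
  return String.fromCodePoint(...output);
}

// Convert one label. Lenient mode accepts an A-label that decodes to pure ASCII
// (the pre-fix behaviour); strict mode rejects it, since a valid A-label must
// encode at least one non-ASCII code point.
function toUnicodeLabel(label, strict) {
  if (!/^xn--/i.test(label)) return label;
  const decoded = punycodeDecode(label.slice(4));
  if (strict && !/[^\x00-\x7f]/.test(decoded)) {
    throw new Error(`A-label ${label} decodes to ASCII-only ${JSON.stringify(decoded)}`);
  }
  return decoded;
}

function toUnicodeHost(host, strict) {
  return host.split('.').map((l) => toUnicodeLabel(l, strict)).join('.');
}

// The pattern from the advisory: policy applied to the ASCII form, conversion
// afterwards. Policy and host names are constructed for the example.
const BLOCKED_HOSTS = new Set(['example.com']);

function vulnerableFlow(asciiHost) {
  if (BLOCKED_HOSTS.has(asciiHost)) return 'denied';
  return `allowed:${toUnicodeHost(asciiHost, false)}`; // the Unicode form is what gets used
}

function hardenedFlow(asciiHost) {
  let canonical;
  try {
    canonical = toUnicodeHost(asciiHost, true); // reject bogus A-labels before any policy check
  } catch (err) {
    return 'denied';
  }
  if (BLOCKED_HOSTS.has(canonical)) return 'denied';
  return `allowed:${canonical}`;
}

console.log(vulnerableFlow('example.com'));             // denied
console.log(vulnerableFlow('xn--example-.com'));        // allowed:example.com
console.log(hardenedFlow('xn--example-.com'));          // denied
console.log(toUnicodeHost('xn--mnchen-3ya.de', true)); // münchen.de
```

The hardened flow also applies the policy to the canonical form rather than the raw input, so a check on one representation cannot be sidestepped by presenting the other.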

Action: Not Available
Vendor: golang.org/x/net; Red Hat, Inc.; Go
Product: net; golang.org/x/net/idna; Zero Trust Workload Identity Manager - Tech Preview; Red Hat Openshift Data Foundation 4; Red Hat Quay 3; Machine Deletion Remediation Operator; Multiarch Tuning Operator; Red Hat Developer Hub; Red Hat Enterprise Linux AI 3.4; Multicluster Engine for Kubernetes; Red Hat OpenShift Service Mesh 3.3; Deployment Validation Operator; Red Hat OpenShift Service Mesh 3.0; Zero Trust Workload Identity Manager; Red Hat OpenShift Service Mesh 3.2; Logging Subsystem for Red Hat OpenShift 6.4; Red Hat Web Terminal; Red Hat OpenShift Service Mesh 2.6; streams for Apache Kafka 3; Red Hat 3scale API Management Platform 2; Red Hat OpenShift GitOps; External Secrets Operator for Red Hat OpenShift; Red Hat OpenShift on AWS; cert-manager Operator for Red Hat OpenShift; Network Observability Operator; Red Hat OpenShift Cluster Manager CLI; Red Hat Enterprise Linux 7; Red Hat OpenStack Platform 18.0; Red Hat OpenShift Service Mesh 3.1; Red Hat Advanced Cluster Security for Kubernetes 4.10; Gatekeeper 3; Red Hat Advanced Cluster Management for Kubernetes 2.13; Migration Toolkit for Containers; Red Hat Enterprise Linux 10; Red Hat Enterprise Linux AppStream (v. 8); Red Hat OpenShift Dev Workspaces Operator; Red Hat Advanced Cluster Management for Kubernetes 2; Node HealthCheck Operator; Red Hat Enterprise Linux 9; Red Hat Trusted Artifact Signer; Red Hat Enterprise Linux 8; Red Hat Ansible Automation Platform 2; OpenShift Serverless; Compliance Operator; Red Hat Ceph Storage 9; Migration Toolkit for Applications 8; OpenShift Lightspeed; Power monitoring for Red Hat OpenShift; Red Hat Service Interconnect 2; OpenShift Developer Tools and Services; Red Hat OpenStack Platform 16.2; Red Hat Advanced Cluster Security for Kubernetes 4.9; Red Hat Ceph Storage 5; Red Hat Enterprise Linux AppStream (v. 10); OpenShift API for Data Protection; OpenShift Pipelines; Security Profiles Operator; File Integrity Operator; Red Hat Certification Program for Red Hat Enterprise Linux 9; Builds for Red Hat OpenShift; Red Hat Satellite 6; Red Hat Ceph Storage 8; Red Hat Enterprise Linux AppStream (v. 9); Cluster Observability Operator 1.5.0; Red Hat OpenShift AI (RHOAI); Confidential Compute Attestation; multicluster engine for Kubernetes 2.8; Red Hat Edge Manager 1; Red Hat OpenShift Dev Spaces; Logical Volume Manager Storage; Fence Agents Remediation Operator; Red Hat Lightspeed for Runtimes Operator; Multicluster Global Hub; Red Hat Service Interconnect 1; Cryostat 4; Red Hat OpenShift Virtualization 4; Red Hat OpenShift for Windows Containers; Red Hat OpenStack Platform 17.1; Assisted Installer for Red Hat OpenShift Container Platform 2; Red Hat Ceph Storage 6; Red Hat Connectivity Link 1; Red Hat Hardened Images; Red Hat OpenShift Container Platform 4
CWE-1289: Improper Validation of Unsafe Equivalence in Input

CVE-2026-9277
Assigner: 7ffcee3d-2c14-4c3e-b844-86c6a321a158
CVSS Score: 9.2 (CRITICAL)
EPSS: 0.85% / 53.59% (7-day change: +0.22%)
Published: 22 May, 2026 | 13:22
Updated: 02 Jul, 2026 | 12:05
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

shell-quote `quote()` does not validate object-token shapes, allowing command injection via line terminators in `.op`

shell-quote's `quote()` function did not validate object-token inputs against the operator model used by `parse()`. The `.op` field was backslash-escaped character by character using `/(.)/g`, which in JavaScript does not match line terminators (\n, \r, U+2028, U+2029). A line terminator in `.op` therefore passed through unescaped into the output; POSIX shells treat a literal newline as a command separator, so any content after it would execute as a second command. The vulnerable code path is reachable in two ways: (1) direct construction of `{ op: '...\n...' }` from external input, and (2) via `parse(cmd, envFn)` when `envFn` returns object tokens whose `.op` is attacker-influenced. Both are documented API surface. Fixed by replacing the per-character escape with strict shape validation: `.op` must match the parser's control-operator allowlist; `{ op: 'glob', pattern }` validates `pattern` and forbids line terminators; `{ comment }` validates `comment` and forbids line terminators; any other object shape throws `TypeError`.
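The escape gap and the shape validation the description outlines, as an added JavaScript example that is not shell-quote's code. `escapeOpUnsafe` reproduces the `/(.)/g` escape and shows the newline surviving; `renderTokenSafe` applies the allowlist, glob and comment rules and throws `TypeError` for anything else. The control-operator allowlist is modeled on the operators shell-quote's parser recognises (an assumption here), word quoting is a simplified single-quote form, and keeping the backslash escape for a validated operator is this example's choice.

```javascript
// Added illustration of the shell-quote quote() issue; not shell-quote's code.
// The operator allowlist mirrors the control operators shell-quote's parser
// recognises (assumed here), and word quoting is a simplified single-quote form.

const CONTROL_OPS = new Set([
  '||', '&&', ';;', '|&', '<(', '<<<', '>>', '>&', '<&', '&', ';', '(', ')', '|', '<', '>',
]);
const LINE_TERMINATOR = /[\n\r\u2028\u2029]/;

// Vulnerable: escape every character with a backslash. In JavaScript '.' does
// not match line terminators, so "\n" slips through and the shell starts a new
// command after it.
function escapeOpUnsafe(op) {
  return String(op).replace(/(.)/g, '\\$1');
}

// Quote a plain word as one shell argument (this example's choice, not
// shell-quote's algorithm).
function quoteWord(word) {
  if (word === '') return "''";
  return `'${word.replace(/'/g, `'\\''`)}'`;
}

// Hardened rendering: validate the token's shape instead of trusting its text.
// Allowlisted operators keep the backslash escape so the result is a literal
// argument, which is this example's reading of the pre-existing behaviour.
function renderTokenSafe(token) {
  if (typeof token === 'string') return quoteWord(token);
  if (token !== null && typeof token === 'object') {
    if (token.op === 'glob') {
      if (typeof token.pattern !== 'string' || LINE_TERMINATOR.test(token.pattern)) {
        throw new TypeError('glob token: pattern must be a string without line terminators');
      }
      return token.pattern;
    }
    if (typeof token.op === 'string') {
      if (!CONTROL_OPS.has(token.op)) {
        throw new TypeError(`unknown control operator ${JSON.stringify(token.op)}`);
      }
      return escapeOpUnsafe(token.op); // safe once the allowlist guarantees no line terminator
    }
    if (typeof token.comment === 'string') {
      if (LINE_TERMINATOR.test(token.comment)) {
        throw new TypeError('comment token: line terminators are not allowed');
      }
      return `#${token.comment}`;
    }
  }
  throw new TypeError('unsupported token shape');
}

function quoteSafe(tokens) {
  return tokens.map(renderTokenSafe).join(' ');
}

// True when the hardened renderer refuses the token list.
function rejects(tokens) {
  try {
    quoteSafe(tokens);
    return false;
  } catch (err) {
    if (err instanceof TypeError) return true;
    throw err;
  }
}

// Hostile token as an application might build it from external input.
const HOSTILE = { op: '|\nid' };
console.log(JSON.stringify(escapeOpUnsafe(HOSTILE.op))); // "\\|\n\\i\\d": newline intact, and `\i\d` is just `id` to the shell
console.log(rejects([HOSTILE]));                          // true
console.log(quoteSafe(['printf', "it's", { op: '|' }, 'wc']));
```

The second reachable path the description mentions, `parse(cmd, envFn)` with an `envFn` that returns object tokens, ends in the same renderer, so validating there covers both; the point is that the renderer, not the caller, decides which shapes are legal.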

Action: Not Available
Vendor: Red Hat, Inc.
Product: shell-quote; Cryostat 4 on RHEL 9; Red Hat OpenShift Container Platform 4.21; Red Hat Satellite 6.18; OpenShift Pipelines; Red Hat OpenShift Service Mesh 3.3; Red Hat OpenShift Service Mesh 3.0; Red Hat OpenShift Service Mesh 3.2; Red Hat OpenShift Container Platform 4.22; Red Hat OpenShift Service Mesh 2.6; Red Hat Build of Podman Desktop; Red Hat Build of Podman Desktop - Tech Preview; Red Hat Discovery 2; Cluster Observability Operator 1.5.0; Red Hat Quay 3.10; Red Hat OpenShift AI (RHOAI); Self-service automation portal 2; Red Hat OpenShift Service Mesh 3.1; Red Hat Fuse 7; Gatekeeper 3; Migration Toolkit for Containers; Red Hat Enterprise Linux 10; Red Hat Quay 3.9; Node HealthCheck Operator; Red Hat Enterprise Linux AI (RHEL AI) 3; Red Hat Enterprise Linux 9; Red Hat Data Grid 8; OpenShift Service Mesh 3; Red Hat Trusted Artifact Signer; Red Hat Ansible Automation Platform 2; Red Hat Enterprise Linux 8; Red Hat build of Apache Camel - HawtIO 4; Cryostat 4; Red Hat OpenShift Virtualization 4; Red Hat Quay 3.12; Red Hat Developer Hub 1.9; OpenShift Lightspeed; Red Hat AMQ Broker 7; Red Hat OpenShift Container Platform 4
CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2026-45736
Assigner: GitHub, Inc.
CVSS Score: 4.4 (MEDIUM)
EPSS: 0.72% / 49.29% (7-day change: +0.24%)
Published: 15 May, 2026 | 14:53
Updated: 03 Jul, 2026 | 12:04
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

ws: Uninitialized memory disclosure

ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close() implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. This vulnerability is fixed in 8.20.1.

Action: Not Available
Vendor: ws_project; websockets; Red Hat, Inc.
Product: ws; ws; Red Hat Build of Keycloak; Red Hat Openshift Data Foundation 4; Red Hat Quay 3; OpenShift Pipelines; Red Hat Build of Podman Desktop; Red Hat Build of Podman Desktop - Tech Preview; Red Hat Satellite 6; Red Hat Discovery 2; Red Hat JBoss Enterprise Application Platform 8; Red Hat OpenShift AI (RHOAI); OpenShift Service Mesh 2; Self-service automation portal 2; Red Hat OpenShift Dev Spaces; Red Hat Fuse 7; Gatekeeper 3; Migration Toolkit for Containers; Red Hat Enterprise Linux 10; Red Hat JBoss Enterprise Application Platform Expansion Pack; Node HealthCheck Operator; Red Hat Enterprise Linux AI (RHEL AI) 3; Red Hat Enterprise Linux 9; Red Hat build of Apache Camel for Spring Boot 4; Red Hat Data Grid 8; Red Hat Trusted Artifact Signer; OpenShift Service Mesh 3; Red Hat Ansible Automation Platform 2; Red Hat Enterprise Linux 8; Red Hat build of Apache Camel - HawtIO 4; Cryostat 4; Red Hat OpenShift Virtualization 4; Red Hat Developer Hub 1.9; OpenShift Lightspeed; Red Hat Ansible Automation Platform 2.6; Red Hat AMQ Broker 7; Red Hat Connectivity Link 1; Red Hat Hardened Images; Red Hat OpenShift Container Platform 4
CWE-824: Access of Uninitialized Pointer
CWE-908: Use of Uninitialized Resource

CVE-2026-33811
Assigner: Go Project
CVSS Score: 7.5 (HIGH)
EPSS: 0.81% / 52.50% (7-day change: +0.23%)
Published: 07 May, 2026 | 19:41
Updated: 03 Jul, 2026 | 12:04
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Crash when handling long CNAME response in net

When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.

Action: Not Available
Vendor: Go standard library; Red Hat, Inc.; Go
Product: go; net; Red Hat build of Apicurio Registry 2; Red Hat Openshift Data Foundation 4; Zero Trust Workload Identity Manager - Tech Preview; Red Hat Quay 3; Machine Deletion Remediation Operator; Service Telemetry Framework 1.5; mirror registry for Red Hat OpenShift 2; Multiarch Tuning Operator; Red Hat Connectivity Link 1; Multicluster Engine for Kubernetes; Red Hat OpenShift Service Mesh 3.3; Deployment Validation Operator; Red Hat OpenShift Service Mesh 3.0; Zero Trust Workload Identity Manager; Red Hat OpenShift Service Mesh 3.2; Logging Subsystem for Red Hat OpenShift 6.4; Red Hat Web Terminal; streams for Apache Kafka 3; Red Hat 3scale API Management Platform 2; Red Hat OpenShift GitOps; External Secrets Operator for Red Hat OpenShift; Red Hat OpenShift on AWS; cert-manager Operator for Red Hat OpenShift; Network Observability Operator; Red Hat OpenShift Cluster Manager CLI; Red Hat Enterprise Linux 7; Red Hat OpenStack Platform 18.0; Red Hat OpenShift Service Mesh 3.1; Gatekeeper 3; Migration Toolkit for Containers; Red Hat Enterprise Linux 10; Red Hat OpenShift Dev Workspaces Operator; Red Hat Advanced Cluster Management for Kubernetes 2; Node HealthCheck Operator; Red Hat Enterprise Linux 9; Red Hat OpenShift distributed tracing 3; Red Hat Trusted Artifact Signer; OpenShift Service Mesh 3; Red Hat Enterprise Linux 8; Red Hat Ansible Automation Platform 2; OpenShift Serverless; Compliance Operator; Red Hat Ceph Storage 9; OpenShift Source-to-Image (S2I); Migration Toolkit for Applications 8; Red Hat Advanced Cluster Security 4; Red Hat Developer Hub 1.9; OpenShift Lightspeed; Power monitoring for Red Hat OpenShift; Red Hat Service Interconnect 2; OpenShift Developer Tools and Services; Red Hat OpenStack Platform 16.2; Red Hat Ceph Storage 5; Red Hat Enterprise Linux AppStream (v. 10); OpenShift API for Data Protection; OpenShift Pipelines; File Integrity Operator; Security Profiles Operator; Red Hat Certification Program for Red Hat Enterprise Linux 9; Builds for Red Hat OpenShift; Red Hat Satellite 6; Red Hat Enterprise Linux AppStream (v. 9); Red Hat OpenShift AI (RHOAI); Confidential Compute Attestation; mirror registry for Red Hat OpenShift; Red Hat Edge Manager 1; OpenShift Service Mesh 2; Red Hat OpenShift Dev Spaces; Red Hat AMQ Clients; Logical Volume Manager Storage; Fence Agents Remediation Operator; Logging Subsystem for Red Hat OpenShift; Red Hat Lightspeed for Runtimes Operator; Red Hat Enterprise Linux AI (RHEL AI) 3; Multicluster Global Hub; Red Hat Service Interconnect 1; Cryostat 4; Red Hat OpenShift Virtualization 4; Red Hat OpenShift for Windows Containers; Red Hat OpenStack Platform 17.1; Assisted Installer for Red Hat OpenShift Container Platform 2; Red Hat Ceph Storage 6; Custom Metric Autoscaler operator for Red Hat Openshift; Red Hat Hardened Images; Red Hat OpenShift Container Platform 4
CWE-1341: Multiple Releases of Same Resource or Handle
CWE-415: Double Free

CVE-2026-40895
Assigner: GitHub, Inc.
CVSS Score: 6.9 (MEDIUM)
EPSS: 0.49% / 38.32% (7-day change: +0.19%)
Published: 21 Apr, 2026 | 19:59
Updated: 01 Jul, 2026 | 13:17
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

follow-redirects: Custom Authentication Headers Leaked to Cross-Domain Redirect Targets

follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that automatically follows redirects. Prior to 1.16.0, when an HTTP request follows a cross-domain redirect (301/302/307/308), follow-redirects only strips authorization, proxy-authorization, and cookie headers (matched by regex at index.js). Any custom authentication header (e.g., X-API-Key, X-Auth-Token, Api-Key, Token) is forwarded verbatim to the redirect target. This vulnerability is fixed in 1.16.0.
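The two stripping strategies side by side, as an added JavaScript example that is not the library's code: the unsafe version drops only the three well-known header names by regex, which is the behaviour the description attributes to releases before 1.16.0; the hardened version forwards an allowlist of non-credential headers on a cross-domain hop and drops everything else. The sample request headers are constructed, and "cross-domain" is taken here to mean a different scheme or host, a stricter rule than a subdomain comparison.

```javascript
// Added illustration of the follow-redirects header-leak pattern; this is not
// the library's code. The sample request headers are constructed, and
// "cross-domain" here means a different scheme or host.

function isCrossDomain(fromUrl, toUrl) {
  const from = new URL(fromUrl);
  const to = new URL(toUrl);
  return from.protocol !== to.protocol || from.host !== to.host;
}

// Vulnerable pattern: only a fixed set of well-known credential headers is
// stripped, so X-API-Key, X-Auth-Token and friends travel to the new origin.
const KNOWN_CREDENTIAL_HEADERS = /^(?:authorization|proxy-authorization|cookie)$/i;

function headersForRedirectUnsafe(headers, fromUrl, toUrl) {
  const out = { ...headers };
  if (isCrossDomain(fromUrl, toUrl)) {
    for (const name of Object.keys(out)) {
      if (KNOWN_CREDENTIAL_HEADERS.test(name)) delete out[name];
    }
  }
  return out;
}

// Hardened pattern: on a cross-domain hop, forward only headers known to carry
// no credentials; anything unrecognised, custom auth headers included, is dropped.
const SAFE_ON_CROSS_DOMAIN = new Set(['accept', 'accept-encoding', 'accept-language', 'user-agent']);

function headersForRedirectHardened(headers, fromUrl, toUrl) {
  if (!isCrossDomain(fromUrl, toUrl)) return { ...headers };
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    if (SAFE_ON_CROSS_DOMAIN.has(name.toLowerCase())) out[name] = value;
  }
  return out;
}

// Constructed request headers as an API client might send them.
const REQUEST_HEADERS = {
  Authorization: 'Bearer constructed-token',
  Cookie: 'session=constructed',
  'X-API-Key': 'constructed-api-key',
  'X-Auth-Token': 'constructed-auth-token',
  'User-Agent': 'example-client/1.0',
  Accept: 'application/json',
};
const ORIGIN = 'https://api.example.com/v1/report';
const REDIRECT_TARGET = 'https://collector.example.net/landing';

console.log(Object.keys(headersForRedirectUnsafe(REQUEST_HEADERS, ORIGIN, REDIRECT_TARGET)));
// [ 'X-API-Key', 'X-Auth-Token', 'User-Agent', 'Accept' ]  <- custom credentials leaked
console.log(Object.keys(headersForRedirectHardened(REQUEST_HEADERS, ORIGIN, REDIRECT_TARGET)));
// [ 'User-Agent', 'Accept' ]
```

A caller that cannot upgrade can also set the library's `maxRedirects` to zero and handle `Location` itself with the same allowlist, which keeps the decision about what crosses an origin boundary in application code.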

Action: Not Available
Vendor: follow-redirects_project; follow-redirects; Red Hat, Inc.
Product: follow-redirects; follow-redirects; Red Hat Developer Hub 1.8; Cryostat 4 on RHEL 9; Red Hat build of Apicurio Registry 2; Red Hat Openshift Data Foundation 4; Red Hat Advanced Cluster Management for Kubernetes 2.16; Red Hat Developer Hub; Red Hat Quay 3.16; Red Hat OpenShift Service Mesh 3.3; Red Hat OpenShift Service Mesh 3.0; Red Hat OpenShift Service Mesh 3.2; Red Hat OpenShift Service Mesh 2.6; streams for Apache Kafka 3; Red Hat Ansible Automation Platform 2.5; Red Hat Build of Podman Desktop; Red Hat 3scale API Management Platform 2; Red Hat Build of Podman Desktop - Tech Preview; Red Hat OpenShift GitOps; Red Hat Discovery 2; Red Hat Quay 3.10; Red Hat JBoss Enterprise Application Platform 8; multicluster engine for Kubernetes 2.10; multicluster engine for Kubernetes 2.9; Migration Toolkit for Virtualization; Self-service automation portal 2; Red Hat Trusted Profile Analyzer; Red Hat OpenShift Dev Spaces 3.28; Red Hat OpenShift Service Mesh 3.1; Red Hat Advanced Cluster Security for Kubernetes 4.10; Red Hat Fuse 7; Gatekeeper 3; Migration Toolkit for Containers; Red Hat OpenShift AI 3.3; Red Hat JBoss Enterprise Application Platform Expansion Pack; Node HealthCheck Operator; Red Hat Enterprise Linux 9; Red Hat Quay 3.17; Red Hat Data Grid 8; OpenShift Service Mesh 3; Red Hat OpenShift distributed tracing 3; Red Hat Ansible Automation Platform 2; Red Hat Enterprise Linux 8; Red Hat build of Apache Camel - HawtIO 4; Red Hat Trusted Artifact Signer; Red Hat Ceph Storage 9; Red Hat Quay 3.14; Red Hat Quay 3.12; Red Hat Developer Hub 1.9; Migration Toolkit for Applications 8; OpenShift Lightspeed; Red Hat OpenShift AI 2.25; Red Hat Advanced Cluster Security for Kubernetes 4.9; Red Hat OpenShift Container Platform 4.21; Red Hat Advanced Cluster Management for Kubernetes 2.15; Red Hat Process Automation 7; multicluster engine for Kubernetes 2.11; OpenShift Pipelines; Red Hat JBoss Enterprise Application Platform 7; Red Hat Satellite 6; streams for Apache Kafka 2; Cluster Observability Operator 1.5.0; multicluster engine for Kubernetes 2.6; Red Hat OpenShift AI (RHOAI); Red Hat Quay 3.15; multicluster engine for Kubernetes 2.8; Red Hat Edge Manager 1; Network Observability (NETOBSERV) 1.11.2; Red Hat build of Apicurio Registry 3; Red Hat OpenShift Container Platform 4.19; Red Hat Quay 3.9; Red Hat Enterprise Linux AI (RHEL AI) 3; Cryostat 4; Red Hat OpenShift Virtualization 4; Red Hat OpenShift Container Platform 4.20; Red Hat Connectivity Link 1; Red Hat Hardened Images; Red Hat OpenShift Container Platform 4
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer

CVE-2026-32280
Assigner: Go Project
CVSS Score: 7.5 (HIGH)
EPSS: 0.61% / 45.07% (7-day change: +0.24%)
Published: 08 Apr, 2026 | 01:06
Updated: 03 Jul, 2026 | 12:05
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Unexpected work during chain building in crypto/x509

During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.

Action: Not Available
Vendor: Go standard library; Red Hat, Inc.; Go
Product: go; crypto/x509; Cryostat 4 on RHEL 9; Red Hat OpenShift distributed tracing 3.9.3; Red Hat Quay 3.16; Multicluster Engine for Kubernetes; Red Hat OpenShift Service Mesh 3.3; Deployment Validation Operator; Red Hat OpenShift Service Mesh 3.0; Red Hat OpenShift Service Mesh 2.6; Logging Subsystem for Red Hat OpenShift 6.0; Multicluster Global Hub 1.5.4; Red Hat 3scale API Management Platform 2; Red Hat OpenShift GitOps; multicluster engine for Kubernetes 2.17; Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0); Red Hat Enterprise Linux CodeReady Linux Builder (v. 9); Red Hat Quay 3.10; Red Hat OpenShift on AWS; Red Hat Web Terminal 1.15; Red Hat OpenShift Cluster Manager CLI; Custom Metric Autoscaler 2.19; Red Hat OpenStack Platform 18.0; Red Hat OpenShift Service Mesh 3.1; Red Hat Advanced Cluster Security for Kubernetes 4.10; Migration Toolkit for Containers; Red Hat Advanced Cluster Management for Kubernetes 2; Node HealthCheck Operator; Red Hat Enterprise Linux 9; Red Hat Enterprise Linux 8; Red Hat Quay 3.14; Migration Toolkit for Applications 8; Power monitoring for Red Hat OpenShift; Red Hat OpenShift AI 2.25; Red Hat Service Interconnect 2; OpenShift Developer Tools and Services; Red Hat OpenStack Platform 16.2; Red Hat Web Terminal 1.14; Red Hat Enterprise Linux AppStream AUS (v.8.6); Red Hat Satellite 6.19 for RHEL 9; ExternalDNS Operator; Red Hat Enterprise Linux AppStream (v. 10); OpenShift Pipelines; File Integrity Operator; Security Profiles Operator; Red Hat Advanced Cluster Management for Kubernetes 2.14; Red Hat Web Terminal 1.11; Red Hat Trusted Artifact Signer 1.3; Red Hat Enterprise Linux AppStream E4S (v.9.4); Red Hat Ansible Automation Platform 2.6 for RHEL 10; Red Hat Enterprise Linux CodeReady Linux Builder (v. 10); Red Hat Quay 3.15; multicluster engine for Kubernetes 2.8; mirror registry for Red Hat OpenShift; Red Hat Enterprise Linux AppStream TUS (v.8.6); Network Observability (NETOBSERV) 1.11.2; Red Hat Web Terminal 1.12; Fence Agents Remediation Operator; Red Hat OpenShift Container Platform 4.18; Red Hat Satellite 6.16 for RHEL 8; Red Hat Satellite 6.16 for RHEL 9; Red Hat Quay 3.9; Red Hat Service Interconnect 1; OpenShift API for Data Protection 1.4; Red Hat OpenShift Virtualization 4; HawtIO HawtIO 4.4.0; Red Hat Hardened Images; Red Hat CodeReady Linux Builder EUS (v.9.6); Red Hat OpenShift Container Platform 4; Red Hat Developer Hub 1.8; Red Hat Ansible Automation Platform 2.6 for RHEL 9; Red Hat Openshift Data Foundation 4; Zero Trust Workload Identity Manager - Tech Preview; Red Hat Quay 3; Machine Deletion Remediation Operator; Red Hat OpenStack 1.5; Zero Trust Workload Identity Manager; Red Hat OpenShift Service Mesh 3.2; Logging Subsystem for Red Hat OpenShift 6.4; streams for Apache Kafka 3; External Secrets Operator for Red Hat OpenShift; cert-manager Operator for Red Hat OpenShift; multicluster engine for Kubernetes 2.10; Red Hat Enterprise Linux 7; Red Hat OpenShift Dev Spaces 3.28; Red Hat Enterprise Linux Server (v. 7 ELS); Gatekeeper 3; Red Hat Enterprise Linux 10; Red Hat Ansible Automation Platform 2.5 for RHEL 8; Red Hat Enterprise Linux AppStream (v. 8); Red Hat OpenShift Dev Workspaces Operator; Red Hat Ansible Automation Platform 2.5 for RHEL 9; Red Hat Quay 3.17; OpenShift Service Mesh 3; Red Hat Ansible Automation Platform 2; OpenShift Serverless; Red Hat Developer Hub 1.9; OpenShift Lightspeed; Red Hat Ansible Automation Platform 2.6; Red Hat Enterprise Linux AppStream EUS (v.9.4); Red Hat Advanced Cluster Security for Kubernetes 4.9; multicluster engine for Kubernetes 2.11; Red Hat Enterprise Linux AppStream EUS (v.9.6); Red Hat Certification Program for Red Hat Enterprise Linux 9; Red Hat Satellite 6; OpenShift Compliance Operator 1; Red Hat Enterprise Linux AppStream (v. 9); Red Hat Lightspeed (formerly Insights) for Runtimes 1; multicluster engine for Kubernetes 2.6; Red Hat Web Terminal 1.13; Red Hat OpenShift AI (RHOAI); Confidential Compute Attestation; Red Hat Edge Manager 1; OpenShift Service Mesh 2; Red Hat Enterprise Linux AppStream E4S (v.8.6); Multicluster Global Hub 1.6.2; Logical Volume Manager Storage; Red Hat Enterprise Linux AppStream EUS (v. 10.0); mirror registry for Red Hat OpenShift 2.0; Red Hat OpenShift Container Platform 4.19; Logging Subsystem for Red Hat OpenShift; Red Hat OpenShift Container Platform 4.14; Red Hat Enterprise Linux AI (RHEL AI) 3; Red Hat OpenShift Builds 1.7.3; OpenShift API for Data Protection 1.5; Red Hat OpenShift for Windows Containers; Red Hat OpenStack Platform 17.1; Assisted Installer for Red Hat OpenShift Container Platform 2; Red Hat Connectivity Link 1; Multicluster Global Hub 1.4.5
CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2026-32283
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.62% / 45.40% || 7 Day CHG+0.17%
Published-08 Apr, 2026 | 01:06
Updated-03 Jul, 2026 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls

If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.

Action-Not Available
Vendor-Go standard library; Red Hat, Inc.; Go
Product-go; crypto/tls; Cryostat 4 on RHEL 9; Red Hat Ansible Automation Platform 2.6 for RHEL 9; Red Hat build of Apicurio Registry 2; Red Hat Openshift Data Foundation 4; Zero Trust Workload Identity Manager - Tech Preview; Red Hat Quay 3; Red Hat OpenShift distributed tracing 3.9.3; Machine Deletion Remediation Operator; Service Telemetry Framework 1.5; mirror registry for Red Hat OpenShift 2; Red Hat JBoss Web Server 6; Red Hat Developer Hub; Multicluster Engine for Kubernetes; Deployment Validation Operator; Zero Trust Workload Identity Manager; Red Hat Web Terminal; streams for Apache Kafka 3; Multicluster Global Hub 1.5.4; Red Hat 3scale API Management Platform 2; Red Hat OpenShift GitOps; Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0); Red Hat Enterprise Linux CodeReady Linux Builder (v. 9); External Secrets Operator for Red Hat OpenShift; Red Hat OpenShift on AWS; cert-manager Operator for Red Hat OpenShift; Network Observability Operator; Red Hat OpenShift Cluster Manager CLI; Red Hat Enterprise Linux 7; Custom Metric Autoscaler 2.19; Red Hat OpenStack Platform 18.0; Red Hat Enterprise Linux Server (v. 7 ELS); Gatekeeper 3; Migration Toolkit for Containers; Red Hat Enterprise Linux 10; Red Hat Ansible Automation Platform 2.5 for RHEL 8; Red Hat Enterprise Linux AppStream (v. 8); Red Hat OpenShift Dev Workspaces Operator; Red Hat Advanced Cluster Management for Kubernetes 2; Node HealthCheck Operator; Red Hat Ansible Automation Platform 2.5 for RHEL 9; Red Hat Enterprise Linux 9; OpenShift Service Mesh 3; Red Hat Trusted Artifact Signer; Red Hat Enterprise Linux 8; Red Hat Ansible Automation Platform 2; Red Hat build of Apache Camel - HawtIO 4; OpenShift Serverless; Red Hat Advanced Cluster Security 4; Migration Toolkit for Applications 8; OpenShift Lightspeed; Power monitoring for Red Hat OpenShift; Red Hat Enterprise Linux AppStream EUS (v.9.4); Red Hat AMQ Broker 7; Red Hat Service Interconnect 2; OpenShift Developer Tools and Services; Red Hat OpenStack Platform 16.2; Red Hat Enterprise Linux AppStream AUS (v.8.6); Red Hat Satellite 6.19 for RHEL 9; ExternalDNS Operator; Red Hat Enterprise Linux AppStream EUS (v.9.6); Red Hat Enterprise Linux AppStream (v. 10); OpenShift API for Data Protection; OpenShift Pipelines; File Integrity Operator; Security Profiles Operator; Red Hat Certification Program for Red Hat Enterprise Linux 9; Builds for Red Hat OpenShift; Red Hat Enterprise Linux AppStream E4S (v.9.4); Red Hat Satellite 6; OpenShift Compliance Operator 1; Red Hat Ansible Automation Platform 2.6 for RHEL 10; Red Hat Enterprise Linux AppStream (v. 9); Red Hat Lightspeed (formerly Insights) for Runtimes 1; Red Hat Enterprise Linux CodeReady Linux Builder (v. 10); Red Hat OpenShift AI (RHOAI); Confidential Compute Attestation; mirror registry for Red Hat OpenShift; OpenShift Service Mesh 2; Red Hat Edge Manager 1; Red Hat OpenShift Dev Spaces; Red Hat Enterprise Linux AppStream E4S (v.8.6); Red Hat Enterprise Linux AppStream TUS (v.8.6); Multicluster Global Hub 1.3.4; Multicluster Global Hub 1.6.2; Logical Volume Manager Storage; Red Hat Enterprise Linux AppStream EUS (v. 10.0); Fence Agents Remediation Operator; Red Hat Enterprise Linux AppStream E4S (v.9.0); Red Hat Satellite 6.16 for RHEL 8; Red Hat Satellite 6.16 for RHEL 9; Multicluster Global Hub 1.4.5; Logging Subsystem for Red Hat OpenShift; Red Hat Enterprise Linux AI (RHEL AI) 3; Red Hat Service Interconnect 1; Red Hat OpenShift Container Platform 4; Red Hat OpenShift Virtualization 4; Red Hat OpenShift for Windows Containers; Red Hat OpenStack Platform 17.1; Assisted Installer for Red Hat OpenShift Container Platform 2; Red Hat Connectivity Link 1; Red Hat Hardened Images; Red Hat CodeReady Linux Builder EUS (v.9.6)
CWE ID-CWE-764
Multiple Locks of a Critical Resource
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-33810
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.34% / 25.97% || 7 Day CHG+0.08%
Published-08 Apr, 2026 | 01:06
Updated-03 Jul, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Case-sensitive excludedSubtrees name constraints cause Auth Bypass in crypto/x509

When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.

Action-Not Available
Vendor-Go standard library; Red Hat, Inc.; Go
Product-go; crypto/x509; Cryostat 4 on RHEL 9; Red Hat Openshift Data Foundation 4; Zero Trust Workload Identity Manager - Tech Preview; Red Hat Quay 3; Red Hat OpenShift distributed tracing 3.9.3; Machine Deletion Remediation Operator; Service Telemetry Framework 1.5; mirror registry for Red Hat OpenShift 2; Red Hat Developer Hub; Multicluster Engine for Kubernetes; Deployment Validation Operator; Zero Trust Workload Identity Manager; Logging Subsystem for Red Hat OpenShift 6.4; Red Hat OpenShift Builds 1.6.5; Logging Subsystem for Red Hat OpenShift 6.0; streams for Apache Kafka 3; Multicluster Global Hub 1.5.4; Red Hat 3scale API Management Platform 2; Red Hat OpenShift GitOps; External Secrets Operator for Red Hat OpenShift; Red Hat OpenShift on AWS; Red Hat Web Terminal 1.15; Network Observability Operator; cert-manager Operator for Red Hat OpenShift; Red Hat OpenShift Cluster Manager CLI; Red Hat Enterprise Linux 7; Red Hat OpenShift Dev Spaces 3.28; Red Hat OpenStack Platform 18.0; Gatekeeper 3; Custom Metric Autoscaler operator for Red Hat Openshift; Migration Toolkit for Containers; Red Hat Enterprise Linux 10; Red Hat OpenShift Dev Workspaces Operator; Red Hat Advanced Cluster Management for Kubernetes 2; Node HealthCheck Operator; Red Hat Enterprise Linux 9; OpenShift Service Mesh 3; Red Hat Enterprise Linux 8; Red Hat Ansible Automation Platform 2; OpenShift Serverless; Red Hat Advanced Cluster Security 4; Migration Toolkit for Applications 8; OpenShift Lightspeed; Power monitoring for Red Hat OpenShift; Red Hat Enterprise Linux AppStream EUS (v.9.4); Red Hat Ansible Automation Platform 2.6; Red Hat Service Interconnect 2; OpenShift Developer Tools and Services; Red Hat OpenStack Platform 16.2; Red Hat Web Terminal 1.14; Red Hat Satellite 6.19 for RHEL 9; ExternalDNS Operator; Red Hat Enterprise Linux AppStream EUS (v.9.6); Red Hat Enterprise Linux AppStream (v. 10); OpenShift Pipelines; File Integrity Operator; Security Profiles Operator; Red Hat Certification Program for Red Hat Enterprise Linux 9; Red Hat Web Terminal 1.11; Red Hat Trusted Artifact Signer 1.3; Red Hat Satellite 6; OpenShift Compliance Operator 1; Red Hat Enterprise Linux AppStream (v. 9); Red Hat Lightspeed (formerly Insights) for Runtimes 1; Red Hat Web Terminal 1.13; Red Hat OpenShift AI (RHOAI); Confidential Compute Attestation; mirror registry for Red Hat OpenShift; Red Hat Edge Manager 1; OpenShift Service Mesh 2; Multicluster Global Hub 1.6.2; Logical Volume Manager Storage; Red Hat Enterprise Linux AppStream EUS (v. 10.0); Red Hat Web Terminal 1.12; Fence Agents Remediation Operator; Multicluster Global Hub 1.4.5; Logging Subsystem for Red Hat OpenShift; Red Hat Enterprise Linux AI (RHEL AI) 3; Red Hat Service Interconnect 1; Red Hat OpenShift Builds 1.7.3; OpenShift API for Data Protection 1.4; OpenShift API for Data Protection 1.5; Red Hat OpenShift Virtualization 4; Red Hat OpenShift for Windows Containers; HawtIO HawtIO 4.4.0; Red Hat OpenStack Platform 17.1; Assisted Installer for Red Hat OpenShift Container Platform 2; Red Hat Connectivity Link 1; Red Hat Hardened Images; Red Hat OpenShift Container Platform 4
CWE ID-CWE-1289
Improper Validation of Unsafe Equivalence in Input
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-34986
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.65% / 46.67% || 7 Day CHG+0.37%
Published-06 Apr, 2026 | 16:22
Updated-03 Jul, 2026 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Go JOSE affected by a panic in JWE decryption

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JWE) object will panic if the alg field indicates a key wrapping algorithm (one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW) and the encrypted_key field is empty. The panic happens when cipher.KeyUnwrap() in key_wrap.go attempts to allocate a slice with a zero or negative length based on the length of the encrypted_key. This code path is reachable from ParseEncrypted() / ParseEncryptedJSON() / ParseEncryptedCompact() followed by Decrypt() on the resulting object. Note that the parse functions take a list of accepted key algorithms. If the accepted key algorithms do not include any key wrapping algorithms, parsing will fail and the application will be unaffected. This panic is also reachable by calling cipher.KeyUnwrap() directly with any ciphertext parameter less than 16 bytes long, but calling this function directly is less common. Panics can lead to denial of service. This vulnerability is fixed in 4.1.4 and 3.0.5.

Action-Not Available
Vendor-go-jose_project; go-jose; Red Hat, Inc.
Product-go-jose; go-jose; Cryostat 4 on RHEL 9; Red Hat Enterprise Linux AppStream E4S (v.9.2); Red Hat Openshift Data Foundation 4; Zero Trust Workload Identity Manager - Tech Preview; Red Hat Quay 3; Red Hat OpenShift distributed tracing 3.9.3; Red Hat OpenShift GitOps 1.18; Red Hat Quay 3.16; Multicluster Engine for Kubernetes; Red Hat OpenShift Service Mesh 3.3; Zero Trust Workload Identity Manager; Red Hat OpenShift Service Mesh 3.2; Logging Subsystem for Red Hat OpenShift 6.4; Red Hat OpenShift Container Platform 4.22; Red Hat OpenShift Service Mesh 2.6; Logging Subsystem for Red Hat OpenShift 6.0; Red Hat Build of Podman Desktop; Multicluster Global Hub 1.5.4; Red Hat Build of Podman Desktop - Tech Preview; Red Hat OpenShift GitOps; Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0); Red Hat Quay 3.10; External Secrets Operator for Red Hat OpenShift; Red Hat OpenShift on AWS; cert-manager Operator for Red Hat OpenShift; Network Observability Operator; Kernel Module Management Operator for Red Hat Openshift; multicluster engine for Kubernetes 2.10; Migration Toolkit for Virtualization; multicluster engine for Kubernetes 2.9; Red Hat OpenShift Cluster Manager CLI; Custom Metric Autoscaler 2.19; Red Hat OpenStack Platform 18.0; Red Hat OpenShift Container Platform 4.17; Red Hat OpenShift Service Mesh 3.1; Red Hat Advanced Cluster Security for Kubernetes 4.10; Migration Toolkit for Containers; Red Hat Enterprise Linux 10; Red Hat Enterprise Linux AppStream (v. 8); Red Hat OpenShift AI 3.3; Red Hat Advanced Cluster Management for Kubernetes 2; Node HealthCheck Operator; Red Hat Enterprise Linux 9; Red Hat Quay 3.17; OpenShift Service Mesh 3; Red Hat Trusted Artifact Signer; Red Hat Enterprise Linux 8; Red Hat Ansible Automation Platform 2; OpenShift Serverless; Red Hat Advanced Cluster Security 4; Red Hat Quay 3.14; Red Hat Quay 3.12; OpenShift Lightspeed; Power monitoring for Red Hat OpenShift; Red Hat Enterprise Linux AppStream EUS (v.9.4); Red Hat OpenShift AI 2.25; OpenShift Developer Tools and Services; Red Hat Advanced Cluster Security for Kubernetes 4.9; Red Hat OpenShift Container Platform 4.21; multicluster engine for Kubernetes 2.11; Red Hat Enterprise Linux AppStream EUS (v.9.6); Red Hat Enterprise Linux AppStream (v. 10); Red Hat Build of Kueue; OpenShift Pipelines; Security Profiles Operator; Red Hat Openshift Data Foundation 4.19; Red Hat Advanced Cluster Management for Kubernetes 2.14; Red Hat Trusted Artifact Signer 1.3; Red Hat Openshift Data Foundation 4.2; Red Hat Enterprise Linux AppStream E4S (v.9.4); Red Hat Openshift Data Foundation 4.18; Red Hat Enterprise Linux AppStream (v. 9); multicluster engine for Kubernetes 2.6; Red Hat Enterprise Linux CodeReady Linux Builder (v. 10); Red Hat OpenShift AI (RHOAI); Red Hat Quay 3.15; Red Hat OpenShift Pipelines 1.21; Confidential Compute Attestation; multicluster engine for Kubernetes 2.8; OpenShift Service Mesh 2; Red Hat OpenShift Pipelines 1.2; Red Hat OpenShift Dev Spaces; Multicluster Global Hub 1.3.4; Multicluster Global Hub 1.6.2; Logical Volume Manager Storage; Red Hat Enterprise Linux AppStream EUS (v. 10.0); Red Hat OpenShift Container Platform 4.18; Multicluster Global Hub 1.4.5; Red Hat Quay 3.9; Red Hat OpenShift Container Platform 4.19; Logging Subsystem for Red Hat OpenShift; Multicluster Global Hub; Red Hat Openshift Data Foundation 4.17; OpenShift API for Data Protection 1.4; multicluster engine for Kubernetes 2.7; Red Hat OpenShift Dev Spaces 3.27; OpenShift API for Data Protection 1.5; Red Hat OpenShift Virtualization 4; Red Hat OpenShift for Windows Containers; Red Hat OpenShift Container Platform 4.20; Assisted Installer for Red Hat OpenShift Container Platform 2; Red Hat Advanced Cluster Security for Kubernetes 4.8; Red Hat Connectivity Link 1; Red Hat OpenShift Container Platform 4
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CWE ID-CWE-248
Uncaught Exception
CVE-2026-4800
Assigner-ce714d77-add3-4f53-aff5-83d477b104bb
CVSS Score-8.1||HIGH
EPSS-1.74% / 74.89% || 7 Day CHG+0.71%
Published-31 Mar, 2026 | 19:25
Updated-03 Jul, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
lodash vulnerable to Code Injection via `_.template` imports key names

Impact: The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Function() constructor sink. When an application passes untrusted input as options.imports key names, an attacker can inject default-parameter expressions that execute arbitrary code at template compilation time. Additionally, _.template uses assignInWith to merge imports, which enumerates inherited properties via for..in. If Object.prototype has been polluted by any other vector, the polluted keys are copied into the imports object and passed to Function().

Patches: Users should upgrade to version 4.18.0.

Workarounds: Do not pass untrusted input as key names in options.imports. Only use developer-controlled, static key names.

Action-Not Available
Vendor-lodash; lodash; Red Hat, Inc.
Product-lodash-es; lodash; lodash-amd; lodash.template; lodash-es; lodash; lodash-amd; lodash.template; Red Hat Developer Hub 1.8; Red Hat Directory Server 13; Cryostat 4 on RHEL 9; Red Hat Enterprise Linux High Availability (v. 10); Red Hat Ansible Automation Platform 2.6 for RHEL 9; Red Hat build of Apicurio Registry 2; Red Hat Enterprise Linux High Availability E4S (v.8.6); Red Hat Quay 3; Red Hat Enterprise Linux HighAvailability EUS EXTENSION (v.8.4); Red Hat OpenShift distributed tracing 3.9.3; Red Hat Enterprise Linux Resilient Storage EUS (v.9.4); Red Hat OpenShift GitOps 1.18; Red Hat Directory Server 11; Red Hat Directory Server 12; Red Hat Developer Hub; Multicluster Engine for Kubernetes; Red Hat OpenShift Service Mesh 3.3; Red Hat OpenShift Service Mesh 3.0; Red Hat OpenShift Service Mesh 3.2; Red Hat OpenShift Container Platform 4.22; Red Hat OpenShift Service Mesh 2.6; Red Hat Ansible Automation Platform 2.5; Red Hat Build of Podman Desktop; Red Hat 3scale API Management Platform 2; Red Hat OpenShift GitOps; Red Hat Discovery 2; Red Hat JBoss Enterprise Application Platform 8; Self-service automation portal 2; Red Hat Trusted Profile Analyzer; Red Hat Enterprise Linux 7; Red Hat OpenShift Container Platform 4.17; Red Hat OpenShift Service Mesh 3.1; Red Hat Fuse 7; Red Hat Enterprise Linux High Availability (v. 9); Red Hat Openshift Data Foundation 4.16; Gatekeeper 3; Migration Toolkit for Containers; Red Hat Enterprise Linux 10; Streams for Apache Kafka 2.9.4; Red Hat JBoss Enterprise Application Platform Expansion Pack; Red Hat OpenShift AI 3.3; Red Hat Advanced Cluster Management for Kubernetes 2; Node HealthCheck Operator; Red Hat Enterprise Linux 9; OpenShift Service Mesh 3; Red Hat Trusted Artifact Signer; Red Hat Enterprise Linux 8; Red Hat Ansible Automation Platform 2; Red Hat build of Apache Camel - HawtIO 4; Red Hat Enterprise Linux ResilientStorage E4S (v.9.0); Red Hat Advanced Cluster Security 4; Red Hat Enterprise Linux High Availability E4S (v.9.2); Migration Toolkit for Applications 8; Red Hat Developer Hub 1.9; OpenShift Lightspeed; Red Hat Ansible Automation Platform 2.6; Red Hat OpenShift AI 2.25; Red Hat Enterprise Linux High Availability TUS (v.8.6); Red Hat Enterprise Linux High Availability EUS (v. 10.0); Red Hat Build of Keycloak; Red Hat Process Automation 7; Red Hat Enterprise Linux High Availability EUS (v.9.4); Red Hat Enterprise Linux AppStream (v. 10); Red Hat Satellite 6.18; OpenShift Pipelines; Red Hat Openshift Data Foundation 4.19; Red Hat Trusted Artifact Signer 1.3; Migration Toolkit for Virtualization 2.9; Red Hat Openshift Data Foundation 4.2; Migration Toolkit for Virtualization 2.1; Streams for Apache Kafka 3.2.0; Red Hat JBoss Enterprise Application Platform 7; Red Hat Enterprise Linux High Availability E4S (v.9.0); Red Hat Openshift Data Foundation 4.18; Red Hat Satellite 6; Red Hat Data Grid 8.6.1; Red Hat Ansible Automation Platform 2.6 for RHEL 10; Red Hat Enterprise Linux High Availability EUS (v.9.6); Cluster Observability Operator 1.5.0; Red Hat Enterprise Linux High Availability E4S (v.8.8); Red Hat OpenShift AI (RHOAI); Red Hat Enterprise Linux High Availability AUS (v.8.4); Confidential Compute Attestation; Red Hat Edge Manager 1; Network Observability (NETOBSERV) 1.11.2; Red Hat OpenShift Container Platform 4.18; Red Hat Enterprise Linux Resilient Storage (v. 9); Red Hat build of Apicurio Registry 3; Red Hat OpenShift Container Platform 4.19; Red Hat Enterprise Linux Resilient Storage EUS (v.9.6); Logging Subsystem for Red Hat OpenShift; Red Hat Enterprise Linux AI (RHEL AI) 3; Red Hat Enterprise Linux High Availability TUS (v.8.8); Red Hat Openshift Data Foundation 4.17; Red Hat OpenShift Dev Spaces 3.27; Cryostat 4; Red Hat OpenShift Virtualization 4; Red Hat OpenShift GitOps 1.19; Red Hat OpenShift Container Platform 4.20; Red Hat Single Sign-On 7; Red Hat Connectivity Link 1; Red Hat Enterprise Linux Resilient Storage E4S (v.9.2); Red Hat OpenShift Container Platform 4
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-25679
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.73% / 49.68% || 7 Day CHG+0.21%
Published-06 Mar, 2026 | 21:28
Updated-03 Jul, 2026 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect parsing of IPv6 host literals in net/url

url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.

Action-Not Available
Vendor-Go standard library; Red Hat, Inc.; Go
Product-go; net/url; Cryostat 4 on RHEL 9; Red Hat Enterprise Linux AppStream E4S (v.9.2); Red Hat OpenShift distributed tracing 3.9.3; Red Hat Quay 3.16; Multicluster Engine for Kubernetes; Red Hat OpenShift Service Mesh 3.3; Deployment Validation Operator; Red Hat OpenShift Service Mesh 3.0; Red Hat OpenShift Builds 1.6.5; Red Hat OpenShift Service Mesh 2.6; Logging Subsystem for Red Hat OpenShift 6.0; Multicluster Global Hub 1.5.4; Red Hat 3scale API Management Platform 2; Red Hat OpenShift GitOps; Red Hat OpenShift Container Platform 4.12; Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0); Red Hat Enterprise Linux CodeReady Linux Builder (v. 9); Red Hat Quay 3.10; Red Hat OpenShift on AWS; Red Hat Web Terminal 1.15; Red Hat OpenShift Cluster Manager CLI; Custom Metric Autoscaler 2.19; Red Hat OpenStack Platform 18.0; Red Hat OpenShift Container Platform 4.17; Red Hat OpenShift Service Mesh 3.1; Red Hat Advanced Cluster Security for Kubernetes 4.10; Migration Toolkit for Containers; Red Hat Enterprise Linux AppStream E4S (v.8.8); Node HealthCheck Operator; Red Hat Enterprise Linux 9; Red Hat Enterprise Linux 8; Red Hat Quay 3.14; Migration Toolkit for Applications 8; Power monitoring for Red Hat OpenShift; OpenShift File Integrity Operator - FIO 1; Red Hat OpenShift AI 2.25; Red Hat Service Interconnect 2; Red Hat OpenStack Services on OpenShift 18; OpenShift Developer Tools and Services; Red Hat OpenStack Platform 16.2; Red Hat Web Terminal 1.14; Red Hat Enterprise Linux AppStream AUS (v.8.6); Red Hat Satellite 6.19 for RHEL 9; DevWorkspace Operator 0.4; Red Hat Advanced Cluster Management for Kubernetes 2.15; ExternalDNS Operator; Red Hat Enterprise Linux AppStream (v. 10); Red Hat Enterprise Linux AI 3.3; OpenShift Pipelines; Security Profiles Operator; Red Hat Advanced Cluster Management for Kubernetes 2.14; Red Hat Web Terminal 1.11; Red Hat Trusted Artifact Signer 1.3; Red Hat Enterprise Linux AppStream E4S (v.9.4); Red Hat OpenShift Container Platform 4.13; Red Hat Ansible Automation Platform 2.6 for RHEL 10; Red Hat Enterprise Linux CodeReady Linux Builder (v. 10); Red Hat Quay 3.15; mirror registry for Red Hat OpenShift; Red Hat Enterprise Linux AppStream TUS (v.8.6); Red Hat AMQ Clients; Network Observability (NETOBSERV) 1.11.2; Red Hat Web Terminal 1.12; Fence Agents Remediation Operator; Red Hat OpenShift Container Platform 4.18; Red Hat Satellite 6.16 for RHEL 8; Red Hat Satellite 6.16 for RHEL 9; Red Hat Quay 3.9; Red Hat Service Interconnect 1; OpenShift API for Data Protection 1.4; Red Hat OpenShift Dev Spaces 3.27; Red Hat Update Infrastructure 5; Red Hat OpenShift Virtualization 4; Red Hat Advanced Cluster Security for Kubernetes 4.8; Red Hat OpenShift Container Platform 4.16; Red Hat Hardened Images; Red Hat CodeReady Linux Builder EUS (v.9.6); Red Hat OpenShift Container Platform 4; Red Hat Developer Hub 1.8; Red Hat Ansible Automation Platform 2.6 for RHEL 9; Red Hat Openshift Data Foundation 4; Zero Trust Workload Identity Manager - Tech Preview; Red Hat Quay 3; Machine Deletion Remediation Operator; Red Hat Enterprise Linux AppStream AUS (v. 8.2); Red Hat OpenStack 1.5; Red Hat OpenShift Container Platform 4.15; Zero Trust Workload Identity Manager; Red Hat OpenShift Service Mesh 3.2; Logging Subsystem for Red Hat OpenShift 6.4; streams for Apache Kafka 3; External Secrets Operator for Red Hat OpenShift; cert-manager Operator for Red Hat OpenShift; Red Hat CodeReady Linux Builder EUS (v.9.4); Red Hat Enterprise Linux 7; Red Hat Enterprise Linux Server (v. 7 ELS); Gatekeeper 3; Red Hat Enterprise Linux 10; Red Hat Ansible Automation Platform 2.5 for RHEL 8; Red Hat Enterprise Linux AppStream (v. 8); Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4); Red Hat Ansible Automation Platform 2.5 for RHEL 9; Red Hat Ansible Automation Platform 2; Red Hat build of Apache Camel - HawtIO 4; Logging Subsystem for Red Hat OpenShift 6.2; OpenShift Serverless; Red Hat Quay 3.12; Red Hat Developer Hub 1.9; OpenShift Lightspeed; Red Hat Enterprise Linux AppStream TUS (v.8.8); Red Hat Enterprise Linux AppStream EUS (v.9.4); Red Hat Ansible Automation Platform 2.6; Red Hat Advanced Cluster Security for Kubernetes 4.9; Red Hat Enterprise Linux AppStream EUS (v.9.6); Red Hat Satellite 6.18; Red Hat Certification Program for Red Hat Enterprise Linux 9; Red Hat Satellite 6; OpenShift Compliance Operator 1; Red Hat Enterprise Linux AppStream (v. 9); Red Hat Lightspeed (formerly Insights) for Runtimes 1; Red Hat Web Terminal 1.13; Red Hat OpenShift AI (RHOAI); Confidential Compute Attestation; OpenShift Service Mesh 2; Red Hat Edge Manager 1; Red Hat Enterprise Linux AppStream E4S (v.8.6); Multicluster Global Hub 1.3.4; Multicluster Global Hub 1.6.2; Logical Volume Manager Storage; Red Hat Enterprise Linux AppStream EUS (v. 10.0); Red Hat Enterprise Linux AppStream E4S (v.9.0); mirror registry for Red Hat OpenShift 2.0; Red Hat OpenShift Container Platform 4.19; Logging Subsystem for Red Hat OpenShift; Red Hat OpenShift Container Platform 4.14; Red Hat OpenShift Builds 1.7.3; OpenShift API for Data Protection 1.5; Red Hat OpenShift for Windows Containers; Red Hat OpenShift Container Platform 4.20; Red Hat OpenStack Platform 17.1; Assisted Installer for Red Hat OpenShift Container Platform 2; Red Hat Enterprise Linux AppStream AUS (v.8.4); Red Hat Connectivity Link 1; Multicluster Global Hub 1.4.5
CWE ID-CWE-1286
Improper Validation of Syntactic Correctness of Input
CWE ID-CWE-425
Direct Request ('Forced Browsing')
CVE-2026-27137
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.61% / 44.66% || 7 Day CHG+0.25%
Published-06 Mar, 2026 | 21:28
Updated-03 Jul, 2026 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect enforcement of email constraints in crypto/x509

When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.

Action-Not Available
Vendor-Go standard library; Red Hat, Inc.; Go
Product-go; crypto/x509; Red Hat Openshift Data Foundation 4; Zero Trust Workload Identity Manager - Tech Preview; Red Hat Quay 3; Red Hat OpenShift distributed tracing 3.9.3; Machine Deletion Remediation Operator; Red Hat OpenShift GitOps 1.18; mirror registry for Red Hat OpenShift 2; Service Telemetry Framework 1.5; Red Hat Developer Hub; Red Hat Quay 3.16; Multicluster Engine for Kubernetes; Deployment Validation Operator; Zero Trust Workload Identity Manager; Logging Subsystem for Red Hat OpenShift 6.4; Red Hat OpenShift Builds 1.6.5; Logging Subsystem for Red Hat OpenShift 6.0; streams for Apache Kafka 3; Multicluster Global Hub 1.5.4; Red Hat 3scale API Management Platform 2; External Secrets Operator for Red Hat OpenShift; Red Hat OpenShift on AWS; Red Hat Web Terminal 1.15; Network Observability Operator; cert-manager Operator for Red Hat OpenShift; Red Hat OpenShift Cluster Manager CLI; Red Hat Enterprise Linux 7; Red Hat OpenShift GitOps 1.2; Red Hat OpenStack Platform 18.0; Gatekeeper 3; Custom Metric Autoscaler operator for Red Hat Openshift; Migration Toolkit for Containers; Red Hat Enterprise Linux 10; Node HealthCheck Operator; Red Hat Enterprise Linux 9; OpenShift Service Mesh 3; Red Hat Enterprise Linux 8; Red Hat Ansible Automation Platform 2; Red Hat build of Apache Camel - HawtIO 4; Logging Subsystem for Red Hat OpenShift 6.2; Compliance Operator; OpenShift Serverless; Red Hat Advanced Cluster Security 4; Migration Toolkit for Applications 8; OpenShift Lightspeed; Power monitoring for Red Hat OpenShift; Red Hat Ansible Automation Platform 2.6; Red Hat OpenShift AI 2.25; Red Hat Service Interconnect 2; OpenShift Developer Tools and Services; Red Hat OpenStack Platform 16.2; Red Hat Web Terminal 1.14; DevWorkspace Operator 0.4; ExternalDNS Operator; Red Hat Advanced Cluster Management for Kubernetes 2.15; Red Hat Enterprise Linux AppStream EUS (v.9.6); Red Hat Enterprise Linux AppStream (v. 10); Red Hat Satellite 6.18; OpenShift Pipelines; File Integrity Operator; Security Profiles Operator; Red Hat Certification Program for Red Hat Enterprise Linux 9; Red Hat Web Terminal 1.11; Red Hat Trusted Artifact Signer 1.3; Red Hat Satellite 6; Red Hat Enterprise Linux AppStream (v. 9); Red Hat Lightspeed (formerly Insights) for Runtimes 1; Red Hat Web Terminal 1.13; Red Hat OpenShift AI (RHOAI); Confidential Compute Attestation; mirror registry for Red Hat OpenShift; Red Hat Edge Manager 1; OpenShift Service Mesh 2; Multicluster Global Hub 1.3.4; Multicluster Global Hub 1.6.2; Logical Volume Manager Storage; Red Hat Enterprise Linux AppStream EUS (v. 10.0); Red Hat Web Terminal 1.12; Fence Agents Remediation Operator; Multicluster Global Hub 1.4.5; Logging Subsystem for Red Hat OpenShift; Red Hat Enterprise Linux AI (RHEL AI) 3; Red Hat Service Interconnect 1; Red Hat OpenShift Builds 1.7.3; OpenShift API for Data Protection 1.4; Red Hat OpenShift Dev Spaces 3.27; Cryostat 4; Red Hat OpenShift Virtualization 4; OpenShift API for Data Protection 1.5; Red Hat OpenShift GitOps 1.19; Red Hat OpenShift for Windows Containers; Red Hat OpenStack Platform 17.1; Assisted Installer for Red Hat OpenShift Container Platform 2; Red Hat Connectivity Link 1; Red Hat Hardened Images; Red Hat OpenShift Container Platform 4
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-29063
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.98% / 57.83% || 7 Day CHG+0.37%
Published-06 Mar, 2026 | 18:25
Updated-02 Jul, 2026 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Immutable.js: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable

Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable via the mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject() APIs. This issue has been patched in versions 3.8.3, 4.3.7, and 5.1.5.

Action-Not Available
Vendor-immutable-js; immutable-js; Red Hat, Inc.
Product-immutable; immutable-js; Red Hat Advanced Cluster Security for Kubernetes 4.9; Red Hat Developer Hub 1.8; Red Hat OpenShift Container Platform 4.21; Red Hat Advanced Cluster Management for Kubernetes 2.15; Red Hat build of Apicurio Registry 2; Red Hat Openshift Data Foundation 4; multicluster engine for Kubernetes 2.11; Red Hat Advanced Cluster Management for Kubernetes 2.16; Red Hat Advanced Cluster Security for Kubernetes 4.8; Red Hat Satellite 6.18; Red Hat Quay 3.16; OpenShift Pipelines; Red Hat OpenShift Service Mesh 3.3; Red Hat OpenShift Container Platform 4.15; Red Hat OpenShift Service Mesh 3.0; Red Hat OpenShift Service Mesh 3.2; Red Hat OpenShift Service Mesh 2.6; Migration Toolkit for Virtualization 2.9; Migration Toolkit for Virtualization 2.1; Red Hat 3scale API Management Platform 2; Red Hat Satellite 6; Red Hat OpenShift GitOps; Red Hat Discovery 2; Cluster Observability Operator 1.5.0; Red Hat Quay 3.10; multicluster engine for Kubernetes 2.6; Red Hat OpenShift AI (RHOAI); Red Hat Quay 3.15; multicluster engine for Kubernetes 2.10; multicluster engine for Kubernetes 2.9; multicluster engine for Kubernetes 2.8; Red Hat Edge Manager 1; Self-service automation portal 2; Red Hat OpenShift Pipelines 1.2; Red Hat OpenShift Container Platform 4.17; Red Hat OpenShift Service Mesh 3.1; Red Hat Advanced Cluster Security for Kubernetes 4.10; Network Observability (NETOBSERV) 1.11.2; Network Observability (NETOBSERV) 1.12.0; Red Hat OpenShift Container Platform 4.18; Migration Toolkit for Containers; Red Hat Enterprise Linux 10; Red Hat OpenShift AI 3.3; Red Hat OpenShift AI 2.25; Red Hat OpenShift Container Platform 4.19; Red Hat Quay 3.9; Red Hat OpenShift Container Platform 4.14; Logging Subsystem for Red Hat OpenShift; Node HealthCheck Operator; Red Hat Enterprise Linux 9; Red Hat Quay 3.17; OpenShift Service Mesh 3; multicluster engine for Kubernetes 2.7; Red Hat Ansible Automation Platform 2; Red Hat Enterprise Linux 8; Red Hat OpenShift Virtualization 4; Red Hat Quay 3.12; Red Hat Developer Hub 1.9; Red Hat OpenShift Container Platform 4.20; OpenShift Lightspeed; Red Hat OpenShift Container Platform 4.16; Red Hat Connectivity Link 1; Red Hat OpenShift Container Platform 4
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE ID-CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
CVE-2025-69873
Assigner-MITRE Corporation
CVSS Score-2.9||LOW
EPSS-0.49% / 38.65% || 7 Day CHG+0.09%
Published-11 Feb, 2026 | 00:00
Updated-30 Jun, 2026 | 05:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp() constructor without validation. An attacker can inject a malicious regex pattern (e.g., "^(a|a)*$") combined with crafted input to cause catastrophic backtracking. A 31-character payload causes approximately 44 seconds of CPU blocking, with each additional character doubling execution time. This enables complete denial of service with a single HTTP request against any API using ajv with $data: true for dynamic schema validation. This issue is also fixed in version 6.14.0.

Action-Not Available
Vendor-ajv.jsRed Hat, Inc.
Product-ajvRed Hat OpenShift AI 2.16Red Hat OpenShift AI (RHOAI)Red Hat Directory Server 11Red Hat Enterprise Linux 10Red Hat Developer Hub 1.8Confidential Compute AttestationRed Hat Openshift Data Foundation 4Red Hat OpenShift Container Platform 4Red Hat OpenShift GitOpsOpenShift PipelinesLogging Subsystem for Red Hat OpenShiftRed Hat Advanced Cluster Management for Kubernetes 2Red Hat Satellite 6Red Hat Edge Manager 1Red Hat build of Apache Camel - HawtIO 4Red Hat build of Apicurio Registry 2Red Hat OpenShift Container Platform 4.16Red Hat Satellite 6.18Red Hat Connectivity Link 1Red Hat Data Grid 8Multicluster Engine for KubernetesRed Hat Enterprise Linux AI (RHEL AI) 3Red Hat OpenShift Container Platform 4.15Red Hat Quay 3.9Red Hat build of OptaPlanner 8Red Hat OpenShift AI 3.3Red Hat OpenShift Dev SpacesRed Hat Enterprise Linux 8Network Observability (NETOBSERV) 1.11.2Red Hat Developer Hub 1.9OpenShift Service Mesh 3Red Hat AMQ Broker 7Gatekeeper 3Cryostat 4streams for Apache Kafka 2Red Hat Directory Server 12Red Hat Ansible Automation Platform 2Red Hat Ansible Automation Platform 2.5 for RHEL 9Red Hat OpenShift Container Platform 4.14Red Hat Advanced Cluster Security 4Red Hat Single Sign-On 7Red Hat Directory Server 13Red Hat OpenShift Container Platform 4.17Red Hat Process Automation 7Red Hat Quay 3.16Red Hat Ansible Automation Platform 2.5 for RHEL 8Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat OpenShift Container Platform 4.19Red Hat 3scale API Management Platform 2Red Hat Ansible Automation Platform 2.6Red Hat JBoss Enterprise Application Platform 7Red Hat Enterprise Linux 9Red Hat Ansible Automation Platform 2.6 for RHEL 9Red Hat Fuse 7Red Hat Quay 3.15Red Hat OpenShift Dev Spaces 3.27streams for Apache Kafka 3Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 ServerRed Hat Ansible Automation Platform 2.6 for RHEL 10Node HealthCheck OperatorRed Hat Quay 3.14Network Observability OperatorRed Hat JBoss Enterprise 
Application Platform 8OpenShift Service Mesh 2
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-61726
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-1.94% / 77.72% | 7 Day CHG+1.18%
Published-28 Jan, 2026 | 19:30
Updated-03 Jul, 2026 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory exhaustion in query parameter parsing in net/url

The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.

Action-Not Available
Vendor-Go standard libraryRed Hat, Inc.Go
Product-gonet/urlCryostat 4 on RHEL 9Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat OpenShift distributed tracing 3.9.3Red Hat Connectivity Link 1Multiarch Tuning OperatorRed Hat OpenShift Dev Spaces (RHOSDS) 3.26Red Hat Quay 3.16Multicluster Engine for KubernetesDeployment Validation OperatorRed Hat OpenShift Service Mesh 3.0Red Hat OpenShift Builds 1.6.5Red Hat OpenShift Service Mesh 2.6Logging Subsystem for Red Hat OpenShift 6.0Multicluster Global Hub 1.5.4Red Hat 3scale API Management Platform 2Red Hat OpenShift Container Platform 4.12Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)Red Hat Quay 3.10Red Hat OpenShift on AWSRed Hat Web Terminal 1.15Red Hat OpenShift Cluster Manager CLICustom Metric Autoscaler 2.19Red Hat OpenStack Platform 18.0Red Hat OpenShift Container Platform 4.17Red Hat OpenShift Service Mesh 3.1Migration Toolkit for ContainersRed Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat Advanced Cluster Management for Kubernetes 2Node HealthCheck OperatorRed Hat Enterprise Linux 9Red Hat Satellite 6.18 for RHEL 9Red Hat OpenShift distributed tracing 3Red Hat Enterprise Linux 8Red Hat OpenShift GitOps 1.17Red Hat Quay 3.14Migration Toolkit for Applications 8Power monitoring for Red Hat OpenShiftOpenShift File Integrity Operator - FIO 1Red Hat OpenShift AI 2.25OpenShift Developer Tools and Services 1.6.2Red Hat Service Interconnect 2Red Hat OpenStack Services on OpenShift 18OpenShift Developer Tools and ServicesRed Hat OpenStack Platform 16.2Red Hat Web Terminal 1.14Red Hat Enterprise Linux AppStream AUS (v.8.6)DevWorkspace Operator 0.4Red Hat Advanced Cluster Management for Kubernetes 2.15ExternalDNS OperatorRed Hat Ceph Storage 5Red Hat Enterprise Linux AppStream (v. 
10)Zero Trust Workload Identity Manager 1OpenShift PipelinesFile Integrity OperatorRed Hat Openshift Data Foundation 4.19Red Hat Advanced Cluster Management for Kubernetes 2.14Red Hat Web Terminal 1.11Red Hat Trusted Artifact Signer 1.3Red Hat OpenShift Container Platform 4.13Red Hat Ansible Automation Platform 2.6 for RHEL 10Red Hat Ceph Storage 8Red Hat Ansible Automation Platform 2.4 for RHEL 9Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)Red Hat Quay 3.15multicluster engine for Kubernetes 2.8mirror registry for Red Hat OpenShiftIronic content for Red Hat OpenShift Container Platform 4.18Red Hat OpenShift Dev SpacesRed Hat Enterprise Linux AppStream TUS (v.8.6)Red Hat AMQ ClientsNetwork Observability (NETOBSERV) 1.11.2Red Hat Web Terminal 1.12Fence Agents Remediation OperatorRed Hat OpenShift Container Platform 4.18Red Hat OpenShift AI 2.16Red Hat Quay 3.9Red Hat Service Interconnect 1OpenShift API for Data Protection 1.4Cert Manager support for Red Hat OpenShift release 1.17Red Hat OpenShift Dev Spaces 3.27Red Hat Update Infrastructure 5Cryostat 4Red Hat OpenShift Virtualization 4HawtIO HawtIO 4.4.0Red Hat Advanced Cluster Security for Kubernetes 4.8Red Hat OpenShift Container Platform 4.16Logging Subsystem for Red Hat OpenShift 6.3Red Hat Hardened ImagesRed Hat CodeReady Linux Builder EUS (v.9.6)Red Hat OpenShift Container Platform 4Red Hat Developer Hub 1.8Red Hat Ansible Automation Platform 2.6 for RHEL 9Zero Trust Workload Identity Manager - Tech PreviewRed Hat Quay 3Machine Deletion Remediation OperatorRed Hat OpenShift GitOps 1.18Red Hat Enterprise Linux AppStream AUS (v. 
8.2)Red Hat Ceph Storage 7Red Hat OpenShift Container Platform 4.15Zero Trust Workload Identity ManagerRed Hat OpenShift Service Mesh 3.2Logging Subsystem for Red Hat OpenShift 6.4External Secrets Operator for Red Hat OpenShiftcert-manager Operator for Red Hat OpenShiftmulticluster engine for Kubernetes 2.10multicluster engine for Kubernetes 2.9Red Hat CodeReady Linux Builder EUS (v.9.4)Red Hat Enterprise Linux 7Red Hat Enterprise Linux Server (v. 7 ELS)Gatekeeper 3Red Hat Advanced Cluster Management for Kubernetes 2.13Red Hat Enterprise Linux 10Red Hat Ansible Automation Platform 2.4 for RHEL 8Red Hat Ansible Automation Platform 2.5 for RHEL 8Red Hat Enterprise Linux AppStream (v. 8)Red Hat OpenShift AI 3.3Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Ansible Automation Platform 2.5 for RHEL 9OpenShift Service Mesh 3Red Hat Ansible Automation Platform 2Logging Subsystem for Red Hat OpenShift 6.2OpenShift ServerlessRed Hat Quay 3.12OpenShift LightspeedRed Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Ansible Automation Platform 2.6Red Hat Advanced Cluster Security for Kubernetes 4.9Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Satellite 6.18OpenShift API for Data ProtectionRed Hat Certification Program for Red Hat Enterprise Linux 9Streams for Apache Kafka 3.2.0Red Hat Satellite 6OpenShift Compliance Operator 1Red Hat Openshift Data Foundation 4.18Red Hat Enterprise Linux AppStream (v. 9)Red Hat Lightspeed (formerly Insights) for Runtimes 1multicluster engine for Kubernetes 2.6Red Hat Web Terminal 1.13Red Hat OpenShift AI (RHOAI)Confidential Compute AttestationOpenShift Service Mesh 2Red Hat Edge Manager 1Ironic content for Red Hat OpenShift Container Platform 4.17Red Hat Enterprise Linux AppStream E4S (v.8.6)Multicluster Global Hub 1.6.2Logical Volume Manager StorageRed Hat Enterprise Linux AppStream EUS (v. 
10.0)Red Hat Enterprise Linux AppStream E4S (v.9.0)mirror registry for Red Hat OpenShift 2.0Node Maintenance OperatorRed Hat OpenShift Container Platform 4.19Logging Subsystem for Red Hat OpenShiftRed Hat OpenShift Container Platform 4.14multicluster engine for Kubernetes 2.7HawtIO HawtIO 4.3.1OpenShift API for Data Protection 1.5Red Hat OpenShift GitOps 1.19Red Hat OpenShift for Windows ContainersRed Hat OpenShift Container Platform 4.20Red Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Ceph Storage 6Custom Metric Autoscaler operator for Red Hat OpenshiftMulticluster Global Hub 1.4.5
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-0775
Assigner-Zero Day Initiative
CVSS Score-7||HIGH
EPSS-0.29% / 20.37% | 7 Day CHG+0.04%
Published-23 Jan, 2026 | 03:29
Updated-30 Jun, 2026 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability

npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of modules. The application loads modules from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. Was ZDI-CAN-25430.

Action-Not Available
Vendor-npmRed Hat, Inc.
Product-cliRed Hat OpenShift AI (RHOAI)Red Hat AMQ Broker 7Red Hat Enterprise Linux 10Confidential Compute AttestationMigration Toolkit for ContainersCryostat 4Red Hat Openshift Data Foundation 4Red Hat Ansible Automation Platform 2Red Hat OpenShift Container Platform 4Red Hat OpenShift GitOpsRed Hat Single Sign-On 7OpenShift PipelinesLogging Subsystem for Red Hat OpenShiftRed Hat Advanced Cluster Management for Kubernetes 2Red Hat Satellite 6Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat 3scale API Management Platform 2Red Hat build of Apache Camel - HawtIO 4OpenShift LightspeedRed Hat Connectivity Link 1Red Hat JBoss Enterprise Application Platform 7Multicluster Engine for KubernetesRed Hat Enterprise Linux 9Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat Fuse 7Red Hat Quay 3Red Hat Developer HubRed Hat OpenShift Dev SpacesNode HealthCheck OperatorRed Hat Trusted Artifact SignerNetwork Observability OperatorRed Hat Enterprise Linux 8Red Hat JBoss Enterprise Application Platform 8OpenShift Serverless
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2025-13465
Assigner-ce714d77-add3-4f53-aff5-83d477b104bb
CVSS Score-6.9||MEDIUM
EPSS-1.54% / 71.77% | 7 Day CHG+1.22%
Published-21 Jan, 2026 | 19:05
Updated-03 Jul, 2026 | 13:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution Vulnerability in Lodash _.unset and _.omit functions

Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their original behavior. This issue is patched in 4.17.23.

Action-Not Available
Vendor-lodashLodashlodash.unsetlodash-esLodash-amdRed Hat, Inc.Siemens AG
Product-lodashlodash-eslodash.unsetLodash-amdLodashRed Hat Developer Hub 1.8Red Hat Directory Server 13Cryostat 4 on RHEL 9Red Hat Ceph Storage 7.1Red Hat Enterprise Linux High Availability (v. 10)Red Hat Ansible Automation Platform 2.6 for RHEL 9Red Hat build of Apicurio Registry 2Red Hat Openshift Data Foundation 4Red Hat Enterprise Linux High Availability E4S (v.8.6)Red Hat Quay 3Red Hat Enterprise Linux HighAvailability EUS EXTENSION (v.8.4)Red Hat Advanced Cluster Security for Kubernetes 4.8Red Hat Enterprise Linux Resilient Storage EUS (v.9.4)Red Hat OpenShift GitOps 1.18Red Hat Directory Server 11Red Hat Directory Server 12Red Hat Quay 3.16Multicluster Engine for KubernetesRed Hat OpenShift Container Platform 4.15Red Hat OpenShift Service Mesh 3.0Red Hat OpenShift Service Mesh 3.2Red Hat OpenShift Service Mesh 2.6streams for Apache Kafka 3Red Hat Ansible Automation Platform 2.5Red Hat 3scale API Management Platform 2Red Hat Ceph Storage 4Red Hat OpenShift GitOpsRed Hat Discovery 2Red Hat OpenShift Container Platform 4.12Red Hat build of OptaPlanner 8Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 ServerRed Hat JBoss Enterprise Application Platform 8multicluster engine for Kubernetes 2.10Migration Toolkit for Virtualizationmulticluster engine for Kubernetes 2.9Red Hat Enterprise Linux 7Red Hat Trusted Profile AnalyzerRed Hat OpenShift Container Platform 4.17Red Hat OpenShift Service Mesh 3.1Red Hat Advanced Cluster Security for Kubernetes 4.10Red Hat Fuse 7Red Hat Enterprise Linux High Availability (v. 
9)Gatekeeper 3Red Hat Advanced Cluster Management for Kubernetes 2.13Migration Toolkit for ContainersRed Hat Enterprise Linux 10Streams for Apache Kafka 2.9.4Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat OpenShift AI 3.3Red Hat Advanced Cluster Management for Kubernetes 2Node HealthCheck OperatorRed Hat Enterprise Linux 9Red Hat OpenShift distributed tracing 3OpenShift Service Mesh 3Red Hat Enterprise Linux 8Red Hat OpenShift GitOps 1.17Red Hat Ansible Automation Platform 2Red Hat Enterprise Linux ResilientStorage E4S (v.9.0)Red Hat Data Grid 8.6.0Red Hat Advanced Cluster Security 4Red Hat Enterprise Linux High Availability E4S (v.9.2)Migration Toolkit for Applications 8OpenShift LightspeedRed Hat Ansible Automation Platform 2.6Red Hat OpenShift AI 2.25Red Hat Enterprise Linux High Availability TUS (v.8.6)Red Hat Enterprise Linux High Availability EUS (v. 10.0)Red Hat Trusted Artifact Signer 1.2Red Hat Advanced Cluster Security for Kubernetes 4.9Red Hat OpenShift Container Platform 4.21Red Hat Advanced Cluster Management for Kubernetes 2.15Red Hat Process Automation 7Red Hat OpenShift Pipelines 1.15Red Hat Enterprise Linux High Availability EUS (v.9.4)Red Hat Enterprise Linux AppStream (v. 10)Red Hat Ceph Storage 5Red Hat Satellite 6.18OpenShift PipelinesRed Hat Trusted Artifact Signer 1.3RUGGEDCOM RST2428PCluster Observability Operator 1.4.0Red Hat JBoss Enterprise Application Platform 7Red Hat Enterprise Linux High Availability E4S (v.9.0)Red Hat Advanced Cluster Management for Kubernetes 2.12Red Hat OpenShift Container Platform 4.13Red Hat Ansible Automation Platform 2.6 for RHEL 10Red Hat Satellite 6Red Hat Enterprise Linux High Availability EUS (v.9.6)Red Hat Ceph Storage 8Red Hat Enterprise Linux AppStream (v. 
9)Red Hat Enterprise Linux High Availability E4S (v.8.8)multicluster engine for Kubernetes 2.6Red Hat OpenShift AI (RHOAI)Red Hat Enterprise Linux High Availability AUS (v.8.4)multicluster engine for Kubernetes 2.8Confidential Compute AttestationRed Hat Edge Manager 1Red Hat Edge Manager previewRed Hat OpenShift Pipelines 1.2Red Hat OpenShift Dev SpacesOpenShift Service Mesh 2Network Observability (NETOBSERV) 1.11.2Red Hat OpenShift Container Platform 4.18Red Hat Enterprise Linux Resilient Storage (v. 9)Red Hat OpenShift Container Platform 4.19Red Hat Enterprise Linux Resilient Storage EUS (v.9.6)Red Hat OpenShift Container Platform 4.14Logging Subsystem for Red Hat OpenShiftRed Hat Enterprise Linux High Availability TUS (v.8.8)Red Hat Enterprise Linux AI (RHEL AI) 3multicluster engine for Kubernetes 2.7Red Hat OpenShift Dev Spaces 3.27Red Hat OpenShift Virtualization 4Red Hat OpenShift GitOps 1.19HawtIO HawtIO 4.4.0Red Hat OpenShift Container Platform 4.20Red Hat Single Sign-On 7Red Hat OpenShift Container Platform 4.16Red Hat Ceph Storage 6Red Hat Connectivity Link 1Red Hat Enterprise Linux Resilient Storage E4S (v.9.2)Red Hat OpenShift Container Platform 4
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2026-23950
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.23% / 14.15% | 7 Day CHG+0.08%
Published-20 Jan, 2026 | 00:40
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
node-tar has Race Condition in Path Reservations via Unicode Ligature Collisions on macOS APFS

node-tar, a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to incomplete handling of Unicode path collisions in the `path-reservations` system. On case-insensitive or normalization-insensitive filesystems (such as macOS APFS, on which it has been tested), the library fails to lock colliding paths (e.g., `ß` and `ss`), allowing them to be processed in parallel. This bypasses the library's internal concurrency safeguards and permits Symlink Poisoning attacks via race conditions. The library uses a `PathReservations` system to ensure that metadata checks and file operations for the same path are serialized. This prevents race conditions where one entry might clobber another concurrently. This is a Race Condition which enables Arbitrary File Overwrite. This vulnerability affects users and systems using node-tar on macOS (APFS/HFS+). Because of using `NFD` Unicode normalization (in which `ß` and `ss` are different), conflicting paths do not have their order properly preserved under filesystems that ignore Unicode normalization (e.g., APFS, in which `ß` causes an inode collision with `ss`). This enables an attacker to circumvent internal parallelization locks (`PathReservations`) using conflicting filenames within a malicious tar archive. The patch in version 7.5.4 updates `path-reservations.js` to use a normalization form that matches the target filesystem's behavior (e.g., `NFKD`), followed by first `toLocaleLowerCase('en')` and then `toLocaleUpperCase('en')`. As a workaround, users who cannot upgrade promptly, and who are programmatically using `node-tar` to extract arbitrary tarball data, should filter out all `SymbolicLink` entries (as npm does) to defend against arbitrary file writes via this file system entry name collision issue.

Action-Not Available
Vendor-isaacsisaacsRed Hat, Inc.
Product-tarnode-tarRed Hat OpenShift AI (RHOAI)Red Hat AMQ Broker 7Red Hat Enterprise Linux 10Confidential Compute AttestationMigration Toolkit for ContainersCryostat 4Red Hat Enterprise Linux 6Red Hat Openshift Data Foundation 4Red Hat Enterprise Linux AppStream (v. 10)Red Hat Ansible Automation Platform 2Red Hat Trusted Artifact Signer 1.3Red Hat OpenShift Container Platform 4Red Hat OpenShift GitOpsRed Hat Single Sign-On 7OpenShift PipelinesLogging Subsystem for Red Hat OpenShiftRed Hat Advanced Cluster Management for Kubernetes 2Red Hat Satellite 6Red Hat Process Automation 7Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat 3scale API Management Platform 2Red Hat build of Apache Camel - HawtIO 4OpenShift LightspeedRed Hat Connectivity Link 1Red Hat JBoss Enterprise Application Platform 7Red Hat Enterprise Linux 7Multicluster Engine for KubernetesRed Hat Enterprise Linux 9Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat Fuse 7Red Hat Enterprise Linux AppStream (v. 9)Red Hat Trusted Artifact Signer 1.2Red Hat Quay 3Red Hat Developer HubRed Hat OpenShift Dev Spaces 3.27Node HealthCheck OperatorNetwork Observability OperatorRed Hat Enterprise Linux 8Red Hat JBoss Enterprise Application Platform 8OpenShift Serverless
CWE ID-CWE-176
Improper Handling of Unicode Encoding
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2026-23745
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-0.33% / 25.37% | 7 Day CHG+0.03%
Published-16 Jan, 2026 | 22:00
Updated-01 Jul, 2026 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
node-tar Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization

node-tar is a Tar for Node.js. The node-tar library (<= 7.5.2) fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default secure behavior). This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwrite via hardlinks and Symlink Poisoning via absolute symlink targets. This vulnerability is fixed in 7.5.3.

Action-Not Available
Vendor-isaacsisaacsRed Hat, Inc.
Product-tarnode-tarRed Hat Openshift Data Foundation 4Red Hat Process Automation 7Red Hat Quay 3Red Hat Enterprise Linux AppStream (v. 10)Red Hat Developer HubOpenShift PipelinesMulticluster Engine for KubernetesRed Hat Trusted Artifact Signer 1.3Red Hat 3scale API Management Platform 2Red Hat JBoss Enterprise Application Platform 7Red Hat Satellite 6Red Hat OpenShift GitOpsRed Hat Enterprise Linux AppStream (v. 9)Red Hat JBoss Enterprise Application Platform 8Red Hat OpenShift AI (RHOAI)Confidential Compute AttestationRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6Network Observability (NETOBSERV) 1.11.2Red Hat Fuse 7Migration Toolkit for ContainersRed Hat Enterprise Linux 10Red Hat OpenShift AI 3.3Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat Advanced Cluster Management for Kubernetes 2Logging Subsystem for Red Hat OpenShiftNode HealthCheck OperatorRed Hat Enterprise Linux AI (RHEL AI) 3Red Hat Enterprise Linux 9Red Hat Ansible Automation Platform 2Red Hat Enterprise Linux 8Red Hat build of Apache Camel - HawtIO 4Red Hat OpenShift Dev Spaces 3.27OpenShift ServerlessCryostat 4OpenShift LightspeedRed Hat Single Sign-On 7Red Hat OpenShift AI 2.25Red Hat AMQ Broker 7Red Hat Connectivity Link 1Red Hat Hardened ImagesRed Hat Trusted Artifact Signer 1.2Red Hat OpenShift Container Platform 4
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-22029
Assigner-GitHub, Inc.
CVSS Score-8||HIGH
EPSS-0.77% / 51.10% | 7 Day CHG+0.44%
Published-10 Jan, 2026 | 02:42
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
React Router vulnerable to XSS via Open Redirects

React Router is a router for React. In @remix-run/router versions prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended JavaScript execution on the client. This is only an issue if you are creating redirect paths from untrusted content or via an open redirect. There is no impact if Declarative Mode (<BrowserRouter>) is being used. This issue has been patched in @remix-run/router version 1.23.2 and react-router version 7.12.0.

Action-Not Available
Vendor-shopifyremix-runRed Hat, Inc.
Product-remix-run\/reactreact-routerreact-router@remix-run/routerMigration Toolkit for VirtualizationRed Hat OpenShift AI (RHOAI)multicluster engine for Kubernetes 2.8Red Hat Openshift Data Foundation 4.18Red Hat Enterprise Linux 10multicluster engine for Kubernetes 2.6Red Hat OpenShift Container Platform 4.20Red Hat Trusted Artifact Signer 1.3Red Hat OpenShift Container Platform 4Red Hat OpenShift GitOpsRed Hat Advanced Cluster Management for Kubernetes 2.13Red Hat OpenShift Virtualization 4OpenShift PipelinesLogging Subsystem for Red Hat OpenShiftRed Hat OpenShift distributed tracing 3Red Hat Advanced Cluster Management for Kubernetes 2Red Hat Satellite 6Red Hat Edge Manager 1Red Hat Advanced Cluster Security for Kubernetes 4.8Red Hat Advanced Cluster Management for Kubernetes 2.14multicluster engine for Kubernetes 2.10Red Hat build of Apache Camel - HawtIO 4Red Hat build of Apicurio Registry 2Red Hat Connectivity Link 1Red Hat Discovery 2Red Hat Data Grid 8Multicluster Engine for KubernetesRed Hat Advanced Cluster Management for Kubernetes 2.15Red Hat build of OptaPlanner 8Red Hat Developer HubRed Hat OpenShift AI 3.3Red Hat OpenShift Dev SpacesRed Hat Enterprise Linux 8OpenShift Service Mesh 3Red Hat Edge Manager previewRed Hat Build of KueueRed Hat Advanced Cluster Security for Kubernetes 4.9Red Hat OpenShift Dev Spaces (RHOSDS) 3.26Migration Toolkit for Applications 7Migration Toolkit for ContainersRed Hat OpenShift Service Mesh 3.1Gatekeeper 3Cryostat 4Red Hat Ansible Automation Platform 2Red Hat Ansible Automation Platform 2.5 for RHEL 9Red Hat Advanced Cluster Security 4Red Hat Single Sign-On 7Red Hat Process Automation 7Red Hat Ansible Automation Platform 2.5 for RHEL 8Red Hat Openshift Data Foundation 4.19Red Hat OpenShift Service Mesh 3.0Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat OpenShift Container Platform 4.19Migration Toolkit for Applications 8Red Hat Ansible Automation Platform 2.6Red Hat OpenShift Container Platform 
4.18OpenShift LightspeedRed Hat Enterprise Linux 9Red Hat Ansible Automation Platform 2.6 for RHEL 9Red Hat Fuse 7Red Hat Quay 3Red Hat OpenShift AI 2.25multicluster engine for Kubernetes 2.7Red Hat Ansible Automation Platform 2.6 for RHEL 10Node HealthCheck OperatorRed Hat Advanced Cluster Management for Kubernetes 2.12Red Hat OpenShift Service Mesh 3.2Network Observability OperatorRed Hat JBoss Enterprise Application Platform 8Red Hat OpenShift Container Platform 4.21OpenShift Service Mesh 2
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-61686
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-16.10% / 96.53% | 7 Day CHG+1.31%
Published-10 Jan, 2026 | 02:41
Updated-29 Jun, 2026 | 12:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
React Router has Path Traversal in File Session Storage

React Router is a router for React. In @react-router/node versions 7.0.0 through 7.9.3, @remix-run/deno prior to version 2.17.2, and @remix-run/node prior to version 2.17.2, if createFileSessionStorage() is being used from @react-router/node (or @remix-run/node/@remix-run/deno in Remix v2) with an unsigned cookie, it is possible for an attacker to cause the session to try to read/write from a location outside the specified session file directory. The success of the attack would depend on the permissions of the web server process to access those files. Read files cannot be returned directly to the attacker. Session file reads would only succeed if the file matched the expected session file format. If the file matched the session file format, the data would be populated into the server side session but not directly returned to the attacker unless the application logic returned specific session information. This issue has been patched in @react-router/node version 7.9.4, @remix-run/deno version 2.17.2, and @remix-run/node version 2.17.2.

Action-Not Available
Vendor-shopifyremix-runRed Hat, Inc.
Product-remix-run\/denoreact-router\/noderemix-run\/nodereact-routerMigration Toolkit for VirtualizationRed Hat Build of KueueRed Hat OpenShift AI (RHOAI)Migration Toolkit for Applications 7Red Hat Enterprise Linux 10Gatekeeper 3Migration Toolkit for ContainersCryostat 4Red Hat Openshift Data Foundation 4Red Hat Ansible Automation Platform 2Red Hat Trusted Profile AnalyzerRed Hat OpenShift Container Platform 4Red Hat OpenShift GitOpsRed Hat Advanced Cluster Security 4Red Hat Single Sign-On 7Red Hat OpenShift Virtualization 4OpenShift PipelinesLogging Subsystem for Red Hat OpenShiftRed Hat OpenShift distributed tracing 3Red Hat Advanced Cluster Management for Kubernetes 2Red Hat Process Automation 7Red Hat Edge Manager 1Red Hat Satellite 6Red Hat JBoss Enterprise Application Platform Expansion PackMigration Toolkit for Applications 8Red Hat build of Apache Camel - HawtIO 4Red Hat build of Apicurio Registry 2OpenShift LightspeedRed Hat Connectivity Link 1Red Hat Data Grid 8Red Hat Discovery 2Multicluster Engine for KubernetesRed Hat Enterprise Linux 9Red Hat Fuse 7Red Hat build of OptaPlanner 8Red Hat Quay 3Red Hat Developer HubRed Hat OpenShift Dev SpacesNode HealthCheck OperatorRed Hat Trusted Artifact SignerNetwork Observability OperatorRed Hat Enterprise Linux 8Red Hat JBoss Enterprise Application Platform 8OpenShift Service Mesh 2OpenShift Service Mesh 3Red Hat Edge Manager preview
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-21441
Assigner-GitHub, Inc.
CVSS Score-8.9||HIGH
EPSS-2.67% / 83.89% | 7 Day CHG+1.99%
Published-07 Jan, 2026 | 22:09
Updated-03 Jul, 2026 | 13:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)

urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` without disabling redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode the content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted sources.

Action-Not Available
Vendor-urllib3; Red Hat, Inc.; Python Software Foundation
Product-urllib3; urllib3; Red Hat Ceph Storage 7.1; Red Hat Enterprise Linux AppStream E4S (v.9.2); Red Hat Enterprise Linux Resilient Storage EUS (v.9.4); Multiarch Tuning Operator; Red Hat OpenShift Dev Spaces (RHOSDS) 3.26; Red Hat Quay 3.16; Red Hat Ansible Automation Platform 2.4; cert-manager operator for Red Hat OpenShift 1.18; Multicluster Engine for Kubernetes; OpenShift API for Data Protection 1.3; Red Hat Enterprise Linux BaseOS E4S (v.8.6); Red Hat Ansible Automation Platform 2.5; Red Hat Satellite 6.17 for RHEL 9; Red Hat Enterprise Linux BaseOS EUS (v.9.4); Multicluster Global Hub 1.5.4; Red Hat OpenShift GitOps; Red Hat Discovery 2; Red Hat Quay 3.13; Red Hat Quay 3.10; Migration Toolkit for Virtualization; Red Hat Enterprise Linux BaseOS (v. 8); Red Hat OpenStack Platform 18.0; Migration Toolkit for Containers; Red Hat Enterprise Linux AppStream E4S (v.8.8); Red Hat Advanced Cluster Management for Kubernetes 2; Node HealthCheck Operator; Red Hat Enterprise Linux 9; Red Hat Satellite 6.18 for RHEL 9; Red Hat Enterprise Linux BaseOS E4S (v.8.8); Red Hat Enterprise Linux ResilientStorage (v. 8); Red Hat Enterprise Linux 8; Red Hat OpenShift GitOps 1.17; Red Hat Ceph Storage 9; Red Hat Quay 3.14; Red Hat OpenShift AI 2.25; Red Hat Enterprise Linux BaseOS AUS (v.8.4); Red Hat Trusted Artifact Signer 1.2; OpenShift Developer Tools and Services; Red Hat OpenStack Platform 16.2; Red Hat Enterprise Linux AppStream AUS (v.8.6); Red Hat Advanced Cluster Management for Kubernetes 2.15; RHUI 4 for RHEL 8; Red Hat Enterprise Linux High Availability EUS (v.9.4); Zero Trust Workload Identity Manager 1; OpenShift Pipelines; Red Hat Advanced Cluster Management for Kubernetes 2.14; Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4); Red Hat Trusted Artifact Signer 1.3; Red Hat AI Inference Server 3.2; Red Hat Ceph Storage 8; Red Hat Quay 3.15; Red Hat Enterprise Linux HighAvailability (v. 8); Red Hat OpenShift Dev Spaces; Red Hat Enterprise Linux AppStream TUS (v.8.6); Red Hat AI Inference Server; Red Hat Enterprise Linux BaseOS TUS (v.8.8); Self Node Remediation Operator; Network Observability (NETOBSERV) 1.11.2; Fence Agents Remediation Operator; Red Hat Satellite 6.16 for RHEL 8; Red Hat Satellite 6.16 for RHEL 9; Red Hat build of Quarkus Native builder; Red Hat Enterprise Linux High Availability TUS (v.8.8); Red Hat Update Infrastructure 5; Red Hat Advanced Cluster Security for Kubernetes 4.8; Red Hat Enterprise Linux Resilient Storage E4S (v.9.2); Red Hat OpenShift Container Platform 4; Red Hat Openshift Data Foundation 4; Zero Trust Workload Identity Manager - Tech Preview; Red Hat Enterprise Linux High Availability E4S (v.8.6); Red Hat Quay 3; Red Hat Enterprise Linux HighAvailability EUS EXTENSION (v.8.4); Service Telemetry Framework 1.5; Red Hat OpenShift GitOps 1.18; Red Hat Developer Hub; Red Hat Enterprise Linux BaseOS E4S (v.9.2); Red Hat Enterprise Linux BaseOS EUS (v.9.6); External Secrets Operator for Red Hat OpenShift; Red Hat Enterprise Linux BaseOS E4S (v.9.0); Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 10; Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4); Red Hat Enterprise Linux AppStream (v. 8); Red Hat Enterprise Linux BaseOS EUS (v. 10.0); Red Hat OpenShift AI 3.3; OpenShift Service Mesh 3; Red Hat Ansible Automation Platform 2; Red Hat Enterprise Linux ResilientStorage E4S (v.9.0); OpenShift Serverless; Red Hat Enterprise Linux High Availability E4S (v.9.2); Red Hat Quay 3.12; OpenShift Lightspeed; Red Hat Enterprise Linux AppStream TUS (v.8.8); Red Hat Ansible Automation Platform 2.6; Red Hat Enterprise Linux AppStream EUS (v.9.4); Red Hat Enterprise Linux High Availability TUS (v.8.6); Red Hat Enterprise Linux BaseOS TUS (v.8.6); Red Hat Ansible Automation Platform Ansible Core 2; Red Hat Advanced Cluster Security for Kubernetes 4.9; Red Hat Enterprise Linux AppStream EUS (v.9.6); external secrets operator for Red Hat OpenShift - Tech Preview; Red Hat Satellite 6.18; OpenShift API for Data Protection; Red Hat Enterprise Linux Server HighAvailability (v. 7 ELS); Red Hat Certification Program for Red Hat Enterprise Linux 9; Red Hat Enterprise Linux BaseOS (v. 10); Red Hat OpenShift Update Service; Red Hat Enterprise Linux High Availability E4S (v.9.0); Red Hat Satellite 6; Red Hat Enterprise Linux AppStream (v. 9); Red Hat Enterprise Linux High Availability E4S (v.8.8); Red Hat OpenShift AI (RHOAI); Dynamic Accelerator Slicer Operator for Red Hat OpenShift; Red Hat Enterprise Linux High Availability AUS (v.8.4); Confidential Compute Attestation; Red Hat Edge Manager preview; OpenShift Service Mesh 2; Red Hat Enterprise Linux AppStream E4S (v.8.6); Red Hat Enterprise Linux AppStream E4S (v.9.0); Red Hat Enterprise Linux BaseOS (v. 9); mirror registry for Red Hat OpenShift 2.0; Logging Subsystem for Red Hat OpenShift; Red Hat Enterprise Linux AI (RHEL AI) 3; Red Hat OpenStack Platform 13 (Queens); Red Hat Enterprise Linux Server ResilientStorage (v. 7 ELS); Red Hat OpenShift GitOps 1.19; Red Hat OpenStack Platform 17.1; Red Hat Enterprise Linux BaseOS AUS (v. 8.2); Assisted Installer for Red Hat OpenShift Container Platform 2; Red Hat Enterprise Linux AppStream AUS (v.8.4); Red Hat Offline Knowledge Portal; Red Hat Connectivity Link 1; Red Hat Enterprise Linux BaseOS AUS (v.8.6); Multicluster Global Hub 1.4.5
CWE ID-CWE-409
Improper Handling of Highly Compressed Data (Data Amplification)