Byte Open Security (ByteOS Network)
Red Hat Build of Podman Desktop

Source: ADP
CNA CVEs: 0
ADP CVEs: 40
CISA CVEs: 0
NVD CVEs: 0

40 vulnerabilities found

CVE-2026-13676
Assigner: ce714d77-add3-4f53-aff5-83d477b104bb
CVSS Score: 7.5 (HIGH)
EPSS: 0.28% / 19.63% (7-day change: ~0.00%)
Published: 29 Jun, 2026 | 13:22
Updated: 02 Jul, 2026 | 19:55
Rejected: Not Available
Known to be used in ransomware campaigns: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
fast-uri vulnerable to host confusion via failed IDN canonicalization

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode (IDN) hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize() and equal() still return values that differ from a WHATWG-compatible URL parser. Applications that use fast-uri to enforce host-based policy (denylists, loopback filtering, redirect validation, outbound proxy routing) before passing the same URL to Node's URL or fetch can be bypassed when the two implementations resolve the same input to different hosts. Patches: upgrade to fast-uri 3.1.3 for the 3.x line or 4.0.1 for the 4.x line. Workarounds: enforce host policy using the same URL parser used for the actual request, or reject non-ASCII hosts before policy checks.

Action: Not Available
Vendor: fast-uri; Red Hat, Inc.; OpenJS Foundation
Product: fast-uri; Confidential Compute Attestation; Red Hat Edge Manager 1; Self-service automation portal 2; Red Hat OpenShift Dev Spaces; Red Hat Openshift Data Foundation 4; Red Hat Quay 3; Migration Toolkit for Containers; Red Hat Enterprise Linux 10; Red Hat Developer Hub; OpenShift Pipelines; Multicluster Engine for Kubernetes; Red Hat OpenShift AI (RHOAI); Red Hat build of Apicurio Registry 3; Red Hat Advanced Cluster Management for Kubernetes 2; Red Hat Enterprise Linux AI (RHEL AI) 3; Red Hat Enterprise Linux 9; Red Hat Data Grid 8; Red Hat Ansible Automation Platform 2; Red Hat Build of Podman Desktop; Red Hat build of Apache Camel - HawtIO 4; Cryostat 4; Red Hat Satellite 6; OpenShift Serverless; Red Hat OpenShift Virtualization 4; Red Hat Discovery 2; Migration Toolkit for Applications 8; OpenShift Lightspeed; Red Hat AMQ Broker 7; Red Hat Connectivity Link 1; Network Observability Operator; Red Hat OpenShift Container Platform 4
CWE ID: CWE-436 (Interpretation Conflict)
CWE ID: CWE-551 (Incorrect Behavior Order: Authorization Before Parsing and Canonicalization)

CVE-2026-9697
Assigner: ce714d77-add3-4f53-aff5-83d477b104bb
CVSS Score: 7.4 (HIGH)
EPSS: 0.38% / 29.48% (7-day change: +0.10%)
Published: 17 Jun, 2026 | 16:46
Updated: 02 Jul, 2026 | 12:05
Rejected: Not Available
Known to be used in ransomware campaigns: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent

Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI (socks5:// or socks://). The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servername settings. Applications that pin to an internal or corporate CA via requestTls.ca will, when their proxy URI is SOCKS5, get the default Mozilla CA bundle as the trust anchor instead. Any cert signed by any publicly-trusted CA for the target hostname is accepted, breaking the intended pin and enabling MITM read and tamper of the HTTPS exchange. Affected applications are those that use undici's ProxyAgent (or Socks5ProxyAgent directly) with SOCKS5 AND rely on requestTls for TLS scope restriction. The bug was introduced in undici 7.23.0 when SOCKS5 support was added. Patches: Upgrade to undici v7.28.0 or v8.5.0. Workarounds: No workaround is available within the SOCKS5 path. If a SOCKS5 proxy with TLS scope restriction is required and an upgrade is not yet possible, route the traffic through an HTTP-proxy ProxyAgent instead, where requestTls is honored correctly.

Action: Not Available
Vendor: undici; Red Hat, Inc.; Node.js (OpenJS Foundation)
Product: undici; Red Hat Enterprise Linux 9; Self-service automation portal 2; Red Hat OpenShift Dev Spaces; Red Hat Enterprise Linux 8; Red Hat Build of Podman Desktop; Red Hat Openshift Data Foundation 4; Cryostat 4; Red Hat AMQ Broker 7; Cluster Observability Operator 1.5.0; Red Hat Developer Hub; Red Hat Enterprise Linux 10; OpenShift Pipelines; Red Hat Hardened Images; Red Hat OpenShift AI (RHOAI); Red Hat OpenShift Container Platform 4
CWE ID: CWE-295 (Improper Certificate Validation)

CVE-2026-6734
Assigner: ce714d77-add3-4f53-aff5-83d477b104bb
CVSS Score: 7.5 (HIGH)
EPSS: 0.28% / 19.49% (7-day change: +0.08%)
Published: 17 Jun, 2026 | 16:36
Updated: 02 Jul, 2026 | 12:05
Rejected: Not Available
Known to be used in ransomware campaigns: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse

Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination. This causes cross-origin request routing: credentials and request data intended for origin B are sent to origin A, responses from the wrong origin are trusted, and HTTPS requests may be silently downgraded to HTTP. Impacted users are applications that use Socks5ProxyAgent (directly or via setGlobalDispatcher) and make requests to more than one origin. This was introduced in undici 7.23.0 via PR #4385 and affects all versions through 8.1.0. Patches: Upgrade to undici v7.26.0 or v8.2.0. Workarounds: Use a separate Socks5ProxyAgent instance per origin, or avoid using Socks5ProxyAgent with multiple origins.

Action: Not Available
Vendor: undici; Red Hat, Inc.; Node.js (OpenJS Foundation)
Product: undici; Red Hat Enterprise Linux 9; Self-service automation portal 2; Red Hat OpenShift Dev Spaces; Red Hat Enterprise Linux 8; Red Hat Build of Podman Desktop; Red Hat Openshift Data Foundation 4; Cryostat 4; Red Hat AMQ Broker 7; Cluster Observability Operator 1.5.0; Red Hat Developer Hub; Red Hat Enterprise Linux 10; OpenShift Pipelines; Red Hat Hardened Images; Red Hat OpenShift AI (RHOAI); Red Hat OpenShift Container Platform 4
CWE ID: CWE-346 (Origin Validation Error)
CWE ID: CWE-940 (Improper Verification of Source of a Communication Channel)

CVE-2026-12151
Assigner: ce714d77-add3-4f53-aff5-83d477b104bb
CVSS Score: 7.5 (HIGH)
EPSS: 0.57% / 42.99% (7-day change: +0.14%)
Published: 17 Jun, 2026 | 16:05
Updated: 02 Jul, 2026 | 12:05
Rejected: Not Available
Known to be used in ransomware campaigns: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
undici WebSocket client vulnerable to denial of service via fragment count bypass

Impact: The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of fragments. A malicious WebSocket server can stream many small or empty continuation frames that each pass per-frame and cumulative-size validation, collectively causing unbounded memory growth in the client process. The result is memory exhaustion and a denial of service. Affected applications are those using the undici WebSocket client (new WebSocket(...)) or the WebSocketStream API that can be induced to connect to an attacker-controlled or compromised WebSocket endpoint. All releases starting at undici 6.17.0 are affected. Patches: Upgrade to undici >= 6.26.0, >= 7.28.0, or >= 8.5.0. Workarounds: No workaround is available. The fix must be applied through an upgrade.

Action: Not Available
Vendor: undici; Red Hat, Inc.; Node.js (OpenJS Foundation)
Product: undici; Red Hat Enterprise Linux 9; Self-service automation portal 2; Red Hat OpenShift Dev Spaces; Red Hat Enterprise Linux 8; Red Hat Build of Podman Desktop; Red Hat Openshift Data Foundation 4; Cryostat 4; Red Hat AMQ Broker 7; Cluster Observability Operator 1.5.0; Red Hat Developer Hub; Red Hat Enterprise Linux 10; OpenShift Pipelines; Red Hat Hardened Images; Red Hat OpenShift AI (RHOAI); Red Hat OpenShift Container Platform 4
CWE ID: CWE-400 (Uncontrolled Resource Consumption)
CWE ID: CWE-770 (Allocation of Resources Without Limits or Throttling)

CVE-2026-48779
Assigner: GitHub, Inc.
CVSS Score: 7.5 (HIGH)
EPSS: 0.78% / 51.49% (7-day change: +0.26%)
Published: 16 Jun, 2026 | 21:26
Updated: 02 Jul, 2026 | 12:05
Rejected: Not Available
Known to be used in ransomware campaigns: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
ws: Memory exhaustion DoS from tiny fragments and data chunks

ws is an open source WebSocket client and server for Node.js. All versions from 1.1.0 up to (but not including) 5.2.5, from 6.0.0 up to 6.2.4, from 7.0.0 up to 7.5.11, and from 8.0.0 up to 8.21.0 are affected by a memory exhaustion DoS vulnerability. A peer can send a high volume of exceptionally small fragments and data chunks, with modest network traffic, to force the remote peer into allocating and holding structural wrappers that consume far more memory than the default documented message-size limit, leading to process termination due to OOM. This issue has been fixed in versions 5.2.5, 6.2.4, 7.5.11, and 8.21.0.

Action: Not Available
Vendor: ws_project; websockets; Red Hat, Inc.
Product: ws; Red Hat Openshift Data Foundation 4; Red Hat Build of Keycloak; Red Hat Quay 3; OpenShift Pipelines; Red Hat OpenShift Service Mesh 3.3; Red Hat OpenShift Service Mesh 3.0; Red Hat OpenShift Service Mesh 3.2; Red Hat OpenShift Service Mesh 2.6; Red Hat Build of Podman Desktop; Red Hat Build of Podman Desktop - Tech Preview; Red Hat Satellite 6; Red Hat Discovery 2; Cluster Observability Operator 1.5.0; Red Hat JBoss Enterprise Application Platform 8; Red Hat OpenShift AI (RHOAI); Self-service automation portal 2; Red Hat OpenShift Dev Spaces; Red Hat OpenShift Service Mesh 3.1; Red Hat Fuse 7; Gatekeeper 3; Migration Toolkit for Containers; Red Hat Enterprise Linux 10; Red Hat JBoss Enterprise Application Platform Expansion Pack; Node HealthCheck Operator; Red Hat Enterprise Linux AI (RHEL AI) 3; Red Hat Enterprise Linux 9; Red Hat build of Apache Camel for Spring Boot 4; Red Hat Data Grid 8; Red Hat Trusted Artifact Signer; OpenShift Service Mesh 3; Red Hat Ansible Automation Platform 2; Red Hat Enterprise Linux 8; Red Hat build of Apache Camel - HawtIO 4; Cryostat 4; Red Hat OpenShift Virtualization 4; Red Hat Developer Hub 1.9; OpenShift Lightspeed; Red Hat AMQ Broker 7; Red Hat Connectivity Link 1; Red Hat Hardened Images; Red Hat OpenShift Container Platform 4
CWE ID: CWE-1050 (Excessive Platform Resource Consumption within a Loop)
CWE ID: CWE-400 (Uncontrolled Resource Consumption)
CWE ID: CWE-770 (Allocation of Resources Without Limits or Throttling)

CVE-2026-12143
Assigner: 7ffcee3d-2c14-4c3e-b844-86c6a321a158
CVSS Score: 8.7 (HIGH)
EPSS: 0.41% / 32.79% (7-day change: +0.08%)
Published: 12 Jun, 2026 | 18:01
Updated: 02 Jul, 2026 | 12:05
Rejected: Not Available
Known to be used in ransomware campaigns: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
form-data does not escape CR/LF/quote in multipart field names and filenames (CRLF injection)

form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the `field` argument to `FormData#append` and the `filename` option are concatenated verbatim into the `Content-Disposition` header without escaping carriage return (CR), line feed (LF), or double-quote (") characters. An application that passes attacker-controlled data as a field name or filename (for example, an API gateway that turns JSON object keys into multipart field names) allows the attacker to terminate the header line and inject additional headers, or to smuggle entire additional multipart parts, into the request the application forwards to a backend. This can let the attacker add or override form fields (e.g. set `is_admin=true`) seen by the downstream parser. This is an instance of CWE-93 (CRLF injection). The fix escapes CR, LF, and `"` as `%0D`, `%0A`, and `%22` in field names and filenames, matching the serialization browsers use per the WHATWG HTML multipart/form-data encoding algorithm. Exploitation requires the consuming application to use untrusted input as a field name or filename; applications that use only fixed/trusted field names are not affected. Fixed in 2.5.6, 3.0.5, and 4.0.6.

Action: Not Available
Vendor: form-data; Red Hat, Inc.
Product: form-data; Red Hat Openshift Data Foundation 4; Red Hat Quay 3; Red Hat Developer Hub; OpenShift Pipelines; Multicluster Engine for Kubernetes; Red Hat OpenShift Service Mesh 3.3; Red Hat OpenShift Service Mesh 3.0; Red Hat OpenShift Service Mesh 3.2; Red Hat OpenShift Service Mesh 2.6; Red Hat Build of Podman Desktop; Red Hat 3scale API Management Platform 2; Red Hat JBoss Enterprise Application Platform 7; Red Hat Build of Podman Desktop - Tech Preview; Red Hat Satellite 6; Red Hat OpenShift GitOps; Red Hat Discovery 2; Cluster Observability Operator 1.5.0; Red Hat JBoss Enterprise Application Platform 8; Network Observability Operator; Red Hat OpenShift AI (RHOAI); Red Hat Enterprise Linux 7; Red Hat Trusted Profile Analyzer; Red Hat OpenShift Dev Spaces; Self-service automation portal 2; Red Hat OpenShift Service Mesh 3.1; Red Hat Fuse 7; Migration Toolkit for Containers; Red Hat Enterprise Linux 10; Red Hat JBoss Enterprise Application Platform Expansion Pack; Red Hat build of Apicurio Registry 3; Red Hat Advanced Cluster Management for Kubernetes 2; Node HealthCheck Operator; Red Hat Enterprise Linux AI (RHEL AI) 3; Red Hat build of Apache Camel for Spring Boot 4; Red Hat Enterprise Linux 9; Red Hat Data Grid 8; Red Hat Trusted Artifact Signer; OpenShift Service Mesh 3; Red Hat Ansible Automation Platform 2; Red Hat Enterprise Linux 8; Red Hat build of Apache Camel - HawtIO 4; Cryostat 4; Red Hat Advanced Cluster Security 4; Red Hat OpenShift Virtualization 4; Migration Toolkit for Applications 8; Red Hat AMQ Broker 7; Red Hat Hardened Images; Red Hat OpenShift Container Platform 4
CWE ID: CWE-93 (Improper Neutralization of CRLF Sequences ('CRLF Injection'))

CVE-2025-71319
Assigner: VulnCheck
CVSS Score: 8.7 (HIGH)
EPSS: 0.62% / 45.58% (7-day change: +0.08%)
Published: 09 Jun, 2026 | 19:57
Updated: 03 Jul, 2026 | 13:16
Rejected: Not Available
Known to be used in ransomware campaigns: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
image-size 2.0.2 Denial of Service via Infinite Loop in JXL/HEIF Parser

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or HEIF image parsers by providing a crafted image containing a box with a size of zero, causing the offset to never advance and permanently hanging the application.

Action: Not Available
Vendor: image-size; Red Hat, Inc.
Product: image-size; Red Hat Enterprise Linux 7; Red Hat Trusted Artifact Signer; Red Hat OpenShift Dev Spaces; Red Hat Enterprise Linux 8; Red Hat Build of Podman Desktop; Red Hat JBoss Enterprise Application Platform 7; Red Hat Satellite 6; Red Hat Discovery 2; Red Hat Fuse 7; Gatekeeper 3; Red Hat JBoss Enterprise Application Platform Expansion Pack; Red Hat JBoss Enterprise Application Platform 8; Red Hat OpenShift AI (RHOAI)
CWE ID: CWE-835 (Loop with Unreachable Exit Condition ('Infinite Loop'))

CVE-2026-42573
Assigner: GitHub, Inc.
CVSS Score: 5.3 (MEDIUM)
EPSS: 0.32% / 23.78% (7-day change: +0.11%)
Published: 09 Jun, 2026 | 16:21
Updated: 30 Jun, 2026 | 12:08
Rejected: Not Available
Known to be used in ransomware campaigns: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Svelte: XSS via DOM Clobbering of Internal Framework State

Svelte is a performance-oriented web framework. Prior to version 5.55.7, Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. This issue has been patched in version 5.55.7.

Action: Not Available
Vendor: svelte; sveltejs; Red Hat, Inc.
Product: svelte; Red Hat Build of Podman Desktop
CWE ID: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVE-2026-42570
Assigner: GitHub, Inc.
CVSS Score: 7.5 (HIGH)
EPSS: 0.38% / 30.34% (7-day change: +0.04%)
Published: 09 Jun, 2026 | 16:12
Updated: 30 Jun, 2026 | 12:08
Rejected: Not Available
Known to be used in ransomware campaigns: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Svelte devalue: DoS via sparse array deserialization

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From version 5.6.3 to before version 5.8.1, devalue.parse could, due to quirks in some JavaScript engines, be convinced to allocate much more memory than was needed when deserializing sparse arrays, leading to excessive memory consumption. This issue has been patched in version 5.8.1.

Action: Not Available
Vendor: svelte; sveltejs; Red Hat, Inc.
Product: devalue; Red Hat Build of Podman Desktop; Red Hat Trusted Artifact Signer
CWE ID: CWE-770 (Allocation of Resources Without Limits or Throttling)

CVE-2024-52011
Assigner: GitHub, Inc.
CVSS Score: 7.5 (HIGH)
EPSS: 0.50% / 38.91% (7-day change: -0.03%)
Published: 01 Jun, 2026 | 17:17
Updated: 02 Jul, 2026 | 12:05
Rejected: Not Available
Known to be used in ransomware campaigns: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
launch-editor vulnerable to command injection via the crafted request on Windows

launch-editor allows users to open files, with line numbers, in an editor from Node.js. Prior to version 2.9.0, due to insufficient sanitization of the `file` argument in `launchEditor`, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters. This issue has been fixed in `launch-editor` version 2.9.0, corresponding to vite version 5.4.9.

Action: Not Available
Vendor: vitejs; Red Hat, Inc.
Product: launch-editor; vite; OpenShift Service Mesh 2; Self-service automation portal 2; Red Hat OpenShift Dev Spaces; Red Hat Build of Keycloak; Red Hat Quay 3; Migration Toolkit for Containers; Red Hat Developer Hub; OpenShift Pipelines; Red Hat JBoss Enterprise Application Platform Expansion Pack; Node HealthCheck Operator; Red Hat Enterprise Linux AI (RHEL AI) 3; Red Hat Data Grid 8; OpenShift Service Mesh 3; Red Hat Ansible Automation Platform 2; Red Hat Build of Podman Desktop; Red Hat build of Apache Camel - HawtIO 4; Cryostat 4; Red Hat Build of Podman Desktop - Tech Preview; Red Hat OpenShift Virtualization 4; Red Hat Discovery 2; OpenShift Lightspeed; Cluster Observability Operator 1.5.0; Red Hat AMQ Broker 7; Red Hat JBoss Enterprise Application Platform 8; Red Hat OpenShift AI (RHOAI); Red Hat OpenShift Container Platform 4
CWE ID: CWE-77 (Improper Neutralization of Special Elements used in a Command ('Command Injection'))
CWE ID: CWE-88 (Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'))

CVE-2026-9277
Assigner: 7ffcee3d-2c14-4c3e-b844-86c6a321a158
CVSS Score: 9.2 (CRITICAL)
EPSS: 0.85% / 53.59% (7-day change: +0.22%)
Published: 22 May, 2026 | 13:22
Updated: 02 Jul, 2026 | 12:05
Rejected: Not Available
Known to be used in ransomware campaigns: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
shell-quote `quote()` does not validate object-token shapes, allowing command injection via line terminators in `.op`

shell-quote's `quote()` function did not validate object-token inputs against the operator model used by `parse()`. The `.op` field was backslash-escaped character by character using `/(.)/g`, which in JavaScript does not match line terminators (\n, \r, U+2028, U+2029). A line terminator in `.op` therefore passed through unescaped into the output; POSIX shells treat a literal newline as a command separator, so any content after it would execute as a second command. The vulnerable code path is reachable in two ways: (1) direct construction of `{ op: '...\n...' }` from external input, and (2) via `parse(cmd, envFn)` when `envFn` returns object tokens whose `.op` is attacker-influenced. Both are documented API surface. Fixed by replacing the per-character escape with strict shape validation: `.op` must match the parser's control-operator allowlist; `{ op: 'glob', pattern }` validates `pattern` and forbids line terminators; `{ comment }` validates `comment` and forbids line terminators; any other object shape throws `TypeError`.

Action: Not Available
Vendor: Red Hat, Inc.
Product: shell-quote; Cryostat 4 on RHEL 9; Red Hat OpenShift Container Platform 4.21; Red Hat Satellite 6.18; OpenShift Pipelines; Red Hat OpenShift Service Mesh 3.3; Red Hat OpenShift Service Mesh 3.0; Red Hat OpenShift Service Mesh 3.2; Red Hat OpenShift Container Platform 4.22; Red Hat OpenShift Service Mesh 2.6; Red Hat Build of Podman Desktop; Red Hat Build of Podman Desktop - Tech Preview; Red Hat Discovery 2; Cluster Observability Operator 1.5.0; Red Hat Quay 3.10; Red Hat OpenShift AI (RHOAI); Self-service automation portal 2; Red Hat OpenShift Service Mesh 3.1; Red Hat Fuse 7; Gatekeeper 3; Migration Toolkit for Containers; Red Hat Enterprise Linux 10; Red Hat Quay 3.9; Node HealthCheck Operator; Red Hat Enterprise Linux AI (RHEL AI) 3; Red Hat Enterprise Linux 9; Red Hat Data Grid 8; OpenShift Service Mesh 3; Red Hat Trusted Artifact Signer; Red Hat Ansible Automation Platform 2; Red Hat Enterprise Linux 8; Red Hat build of Apache Camel - HawtIO 4; Cryostat 4; Red Hat OpenShift Virtualization 4; Red Hat Quay 3.12; Red Hat Developer Hub 1.9; OpenShift Lightspeed; Red Hat AMQ Broker 7; Red Hat OpenShift Container Platform 4
CWE ID: CWE-77 (Improper Neutralization of Special Elements used in a Command ('Command Injection'))
CWE ID: CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'))

CVE-2026-45736
Assigner: GitHub, Inc.
CVSS Score: 4.4 (MEDIUM)
EPSS: 0.72% / 49.29% (7-day change: +0.24%)
Published: 15 May, 2026 | 14:53
Updated: 03 Jul, 2026 | 12:04
Rejected: Not Available
Known to be used in ransomware campaigns: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
ws: Uninitialized memory disclosure

ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close() implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. This vulnerability is fixed in 8.20.1.

Action: Not Available
Vendor: ws_project; websockets; Red Hat, Inc.
Product: ws; Red Hat Build of Keycloak; Red Hat Openshift Data Foundation 4; Red Hat Quay 3; OpenShift Pipelines; Red Hat Build of Podman Desktop; Red Hat Build of Podman Desktop - Tech Preview; Red Hat Satellite 6; Red Hat Discovery 2; Red Hat JBoss Enterprise Application Platform 8; Red Hat OpenShift AI (RHOAI); OpenShift Service Mesh 2; Self-service automation portal 2; Red Hat OpenShift Dev Spaces; Red Hat Fuse 7; Gatekeeper 3; Migration Toolkit for Containers; Red Hat Enterprise Linux 10; Red Hat JBoss Enterprise Application Platform Expansion Pack; Node HealthCheck Operator; Red Hat Enterprise Linux AI (RHEL AI) 3; Red Hat Enterprise Linux 9; Red Hat build of Apache Camel for Spring Boot 4; Red Hat Data Grid 8; Red Hat Trusted Artifact Signer; OpenShift Service Mesh 3; Red Hat Ansible Automation Platform 2; Red Hat Enterprise Linux 8; Red Hat build of Apache Camel - HawtIO 4; Cryostat 4; Red Hat OpenShift Virtualization 4; Red Hat Developer Hub 1.9; OpenShift Lightspeed; Red Hat Ansible Automation Platform 2.6; Red Hat AMQ Broker 7; Red Hat Connectivity Link 1; Red Hat Hardened Images; Red Hat OpenShift Container Platform 4
CWE ID: CWE-824 (Access of Uninitialized Pointer)
CWE ID: CWE-908 (Use of Uninitialized Resource)

CVE-2026-44293
Assigner: GitHub, Inc.
CVSS Score: 7.7 (HIGH)
EPSS: 0.33% / 24.70% (7-day change: +0.03%)
Published: 13 May, 2026 | 14:43
Updated: 02 Jul, 2026 | 12:05
Rejected: Not Available
Known to be used in ransomware campaigns: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
protobufjs: Code injection through bytes field defaults in generated toObject code

protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript for toObject conversion could include an unsafe expression derived from a schema-controlled bytes field default value. A crafted descriptor with a non-string default value for a bytes field could cause attacker-controlled code to be emitted into the generated conversion function. This vulnerability is fixed in 7.5.6 and 8.0.2.

Action: Not Available
Vendor: protobufjs_project; protobufjs; Red Hat, Inc.
Product: protobufjs; protobuf.js; Red Hat Enterprise Linux 9; Red Hat OpenShift Container Platform 4.22; Red Hat OpenShift Container Platform 4; Self-service automation portal 2; Red Hat Enterprise Linux 8; Red Hat Ansible Automation Platform 2.6 for RHEL 9; Red Hat Build of Podman Desktop; Red Hat Openshift Data Foundation 4; Red Hat Developer Hub 1.9; Red Hat Ansible Automation Platform 2.6; OpenShift Pipelines; Red Hat OpenShift AI (RHOAI); Red Hat Hardened Images; Red Hat OpenShift Service Mesh 3.3; Red Hat Enterprise Linux AI (RHEL AI) 3
CWE ID: CWE-94 (Improper Control of Generation of Code ('Code Injection'))

CVE-2026-44289
Assigner: GitHub, Inc.
CVSS Score: 7.5 (HIGH)
EPSS: 0.59% / 43.76% (7-day change: +0.18%)
Published: 13 May, 2026 | 14:39
Updated: 01 Jul, 2026 | 13:17
Rejected: Not Available
Known to be used in ransomware campaigns: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
protobufjs: Denial of service through unbounded protobuf recursion

protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs could recurse without a depth limit while decoding nested protobuf data. This affected both skipping unknown group fields and generated decoding of nested message fields. A crafted protobuf binary payload could cause the JavaScript call stack to be exhausted during decoding. This vulnerability is fixed in 7.5.6 and 8.0.2.

Action: Not Available
Vendor: protobufjs_project; protobufjs; Red Hat, Inc.
Product: protobufjs; protobuf.js; Red Hat OpenShift Container Platform 4; Self-service automation portal 2; OpenShift Service Mesh 3; Red Hat Enterprise Linux 8; Red Hat Ansible Automation Platform 2; Red Hat Build of Podman Desktop; Red Hat Openshift Data Foundation 4; Red Hat Ceph Storage 9; Red Hat Developer Hub; OpenShift Pipelines; Red Hat Hardened Images; Red Hat OpenShift AI (RHOAI); Red Hat Enterprise Linux AI (RHEL AI) 3
CWE ID: CWE-606 (Unchecked Input for Loop Condition)
CWE ID: CWE-674 (Uncontrolled Recursion)

CVE-2026-42338
Assigner: GitHub, Inc.
CVSS Score: 5.3 (MEDIUM)
EPSS: 0.45% / 36.23% (7-day change: +0.20%)
Published: 12 May, 2026 | 19:43
Updated: 02 Jul, 2026 | 12:05
Rejected: Not Available
Known to be used in ransomware campaigns: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
ip-address: XSS in Address6 HTML-emitting methods

ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group() and Address6.link() do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage (emitted by the Address6 constructor for invalid input) can contain unescaped attacker-controlled content in one branch. An application that (1) passes untrusted input to Address6 and (2) renders the output of these methods, or the thrown error's parseMessage, as HTML (e.g. via innerHTML) is vulnerable to cross-site scripting. This vulnerability is fixed in 10.1.1.

Action: Not Available
Vendor: beaugunderson; Red Hat, Inc.
Product: ip-address; Confidential Compute Attestation; Self-service automation portal 2; Red Hat OpenShift Dev Spaces; Red Hat OpenShift Service Mesh 3.1; Migration Toolkit for Containers; Red Hat Enterprise Linux 10; OpenShift Pipelines; Multicluster Engine for Kubernetes; Red Hat Advanced Cluster Management for Kubernetes 2; Red Hat OpenShift Service Mesh 3.3; Red Hat OpenShift Service Mesh 3.0; Red Hat OpenShift Service Mesh 3.2; Red Hat Enterprise Linux AI (RHEL AI) 3; Red Hat Enterprise Linux 9; Red Hat build of Apache Camel for Spring Boot 4; Red Hat OpenShift Service Mesh 2.6; Red Hat Build of Podman Desktop; Red Hat build of Apache Camel - HawtIO 4; Cryostat 4; Red Hat Build of Podman Desktop - Tech Preview; Exploit Intelligence; Red Hat Satellite 6; Red Hat Developer Hub 1.9; Red Hat Ansible Automation Platform 2.6; Red Hat AMQ Broker 7; Red Hat Hardened Images; Red Hat OpenShift AI (RHOAI); Red Hat OpenShift Container Platform 4
CWE ID: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVE-2026-41675
Assigner: GitHub, Inc.
CVSS Score: 8.7 (HIGH)
EPSS: 0.41% / 32.68% (7-day change: -0.01%)
Published: 07 May, 2026 | 03:49
Updated: 30 Jun, 2026 | 12:08
Rejected: Not Available
Known to be used in ransomware campaigns: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
xmldom: XML node injection through unvalidated processing instruction serialization

xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13, and in xmldom version 0.6.0 and prior, the package allows attacker-controlled processing instruction data to be serialized into XML without validating or neutralizing the PI-closing sequence `?>`. As a result, an attacker can terminate the processing instruction early and inject arbitrary XML nodes into the serialized output. This issue has been patched in @xmldom/xmldom versions 0.9.10 and 0.8.13.

Action: Not Available
Vendor: xmldom; Red Hat, Inc.
Product: xmldom; Red Hat Build of Podman Desktop; Red Hat OpenShift AI (RHOAI); Red Hat OpenShift Container Platform 4; Self-service automation portal 2; Red Hat Enterprise Linux 8; Red Hat Fuse 7; Red Hat Developer Hub 1.9
CWE ID: CWE-91 (XML Injection (aka Blind XPath Injection))

CVE-2026-41674
Assigner: GitHub, Inc.
CVSS Score: 8.7 (HIGH)
EPSS: 0.46% / 36.47% (7-day change: +0.07%)
Published: 07 May, 2026 | 03:47
Updated: 30 Jun, 2026 | 12:08
Rejected: Not Available
Known to be used in ransomware campaigns: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
xmldom: XML injection through unvalidated DocumentType serialization

xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13, and in xmldom version 0.6.0 and prior, the package serializes DocumentType node fields (internalSubset, publicId, systemId) verbatim without any escaping or validation. When these fields are set programmatically to attacker-controlled strings, XMLSerializer.serializeToString can produce output where the DOCTYPE declaration is terminated early and arbitrary markup appears outside it. This issue has been patched in @xmldom/xmldom versions 0.9.10 and 0.8.13.

Action: Not Available
Vendor: xmldom; Red Hat, Inc.
Product: xmldom; Red Hat OpenShift Container Platform 4.20; Red Hat Build of Podman Desktop; Red Hat OpenShift AI (RHOAI); Self-service automation portal 2; Red Hat Developer Hub 1.8; Red Hat Fuse 7; Red Hat OpenShift Container Platform 4.21; Red Hat Developer Hub 1.9
CWE ID: CWE-91 (XML Injection (aka Blind XPath Injection))

CVE-2026-41673
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.64% / 46.31%
7 Day CHG+0.09%
Published-07 May, 2026 | 03:40
Updated-01 Jul, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
xmldom: Denial of service via uncontrolled recursion in XML serialization

xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, seven recursive traversals in lib/dom.js operate without a depth limit. A sufficiently deeply nested DOM tree causes a RangeError: Maximum call stack size exceeded, crashing the application. This issue has been patched in @xmldom/xmldom versions 0.9.10 and 0.8.13.
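The unbounded recursion described here next to an explicit-stack serializer with a depth budget, run on a tree built to an attacker-chosen depth. This is an added example, not xmldom's code; the node shape (`{ name, children }`), the element syntax and the depth limit are constructed for illustration.

```javascript
"use strict";
// Added example, not xmldom's code. Compares a naive recursive serializer
// with an explicit-stack one that enforces a depth budget. Node shape and
// the limit are constructed for illustration.

class DepthLimitError extends Error {}

// Build a chain n0 > n1 > ... > n{depth-1}, the cheapest deeply nested tree.
function makeNested(depth) {
  const root = { name: "n0", children: [] };
  let cur = root;
  for (let i = 1; i < depth; i++) {
    const next = { name: `n${i}`, children: [] };
    cur.children.push(next);
    cur = next;
  }
  return root;
}

// The pattern the entry describes: recursion with no bound, so whoever
// controls the document controls the call-stack depth.
function serializeRecursive(node) {
  return `<${node.name}>${node.children.map(serializeRecursive).join("")}</${node.name}>`;
}

// Explicit stack: traversal state lives on the heap, and the depth budget
// turns a RangeError crash into an error the caller can handle.
function serializeIterative(root, maxDepth = 512) {
  const out = [];
  const stack = [{ node: root, depth: 0, next: -1 }];
  while (stack.length) {
    const top = stack[stack.length - 1];
    if (top.next === -1) {
      if (top.depth >= maxDepth) {
        throw new DepthLimitError(`nesting deeper than ${maxDepth} at <${top.node.name}>`);
      }
      out.push(`<${top.node.name}>`);
      top.next = 0;
    }
    if (top.next < top.node.children.length) {
      stack.push({ node: top.node.children[top.next++], depth: top.depth + 1, next: -1 });
    } else {
      out.push(`</${top.node.name}>`);
      stack.pop();
    }
  }
  return out.join("");
}

// Returns the constructor name of whatever fn throws, or null if it returns.
function crashesWith(fn) {
  try {
    fn();
    return null;
  } catch (e) {
    return e.constructor.name;
  }
}

console.log(serializeIterative(makeNested(3)));
console.log("recursive, depth 200000:", crashesWith(() => serializeRecursive(makeNested(200000))));
console.log("iterative, limit 1000:", crashesWith(() => serializeIterative(makeNested(200000), 1000)));
```

The same budget should guard every traversal, not just serialization: the entry counts seven recursive walks in lib/dom.js, and any one of them left unbounded is enough to crash the process.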

Action-Not Available
Vendor-xmldomRed Hat, Inc.
Product-xmldomSelf-service automation portal 2Red Hat Enterprise Linux 8Red Hat Build of Podman DesktopRed Hat Developer Hub 1.9Red Hat Fuse 7Red Hat OpenShift AI (RHOAI)Red Hat OpenShift Container Platform 4
CWE ID-CWE-674
Uncontrolled Recursion
CWE ID-CWE-776
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CVE-2026-41672
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.36% / 28.48%
7 Day CHG+0.03%
Published-07 May, 2026 | 03:36
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
xmldom: XML node injection through unvalidated comment serialization

xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package allows attacker-controlled comment content to be serialized into XML without validating or neutralizing comment-breaking sequences. As a result, an attacker can terminate the comment early and inject arbitrary XML nodes into the serialized output. This issue has been patched in @xmldom/xmldom versions 0.9.10 and 0.8.13.

Action-Not Available
Vendor-xmldomRed Hat, Inc.
Product-xmldomRed Hat Build of Podman DesktopRed Hat OpenShift AI (RHOAI)Red Hat OpenShift Container Platform 4Self-service automation portal 2Red Hat Enterprise Linux 8Red Hat Fuse 7Red Hat Developer Hub 1.9
CWE ID-CWE-91
XML Injection (aka Blind XPath Injection)
CVE-2026-6322
Assigner-ce714d77-add3-4f53-aff5-83d477b104bb
CVSS Score-7.5||HIGH
EPSS-0.47% / 37.60%
7 Day CHG+0.20%
Published-05 May, 2026 | 10:29
Updated-03 Jul, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
fast-uri vulnerable to host confusion via percent-encoded authority delimiters

fast-uri normalize() decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A host that combined an allowed domain, an encoded at-sign, and a different domain was re-emitted with the at-sign as a raw userinfo separator, changing the URI's authority to the second domain. Applications that normalize untrusted URLs before host allowlist checks, redirect validation, or outbound request routing can be steered to a different authority than the input appeared to specify. Versions <= 3.1.1 are affected. Update to 3.1.2 or later.

Action-Not Available
Vendor-fast-uriRed Hat, Inc.OpenJS Foundation
Product-fast-urifast-uriRed Hat OpenShift Container Platform 4.21Red Hat Ansible Automation Platform 2.6 for RHEL 9Red Hat Openshift Data Foundation 4multicluster engine for Kubernetes 2.11Red Hat Advanced Cluster Management for Kubernetes 2.16Red Hat Quay 3Red Hat Satellite 6.18OpenShift PipelinesRed Hat OpenShift Container Platform 4.22Red Hat Build of Podman DesktopRed Hat Build of Podman Desktop - Tech PreviewRed Hat Satellite 6Red Hat Discovery 2Cluster Observability Operator 1.5.0Red Hat Quay 3.10Network Observability OperatorRed Hat OpenShift AI (RHOAI)Confidential Compute AttestationRed Hat Edge Manager 1Self-service automation portal 2Red Hat OpenShift Dev SpacesMigration Toolkit for ContainersRed Hat Enterprise Linux 10Red Hat Quay 3.9Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat Enterprise Linux 9Red Hat Data Grid 8Red Hat Ansible Automation Platform 2Red Hat build of Apache Camel - HawtIO 4OpenShift ServerlessCryostat 4Red Hat OpenShift Virtualization 4Red Hat Quay 3.12Red Hat Developer Hub 1.9Red Hat OpenShift Container Platform 4.20Migration Toolkit for Applications 8OpenShift LightspeedRed Hat Ansible Automation Platform 2.6Red Hat AMQ Broker 7Red Hat OpenShift Container Platform 4
CWE ID-CWE-140
Improper Neutralization of Delimiters
CWE ID-CWE-436
Interpretation Conflict
CVE-2026-6321
Assigner-ce714d77-add3-4f53-aff5-83d477b104bb
CVSS Score-7.5||HIGH
EPSS-0.52% / 40.37%
7 Day CHG+0.12%
Published-04 May, 2026 | 19:31
Updated-02 Jul, 2026 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
fast-uri vulnerable to path traversal via percent-encoded dot segments

fast-uri decoded percent-encoded path separators and dot segments before applying dot-segment removal in its normalize() and equal() functions. Encoded path data was treated like real slashes and parent-directory references, so distinct URIs could collapse onto the same normalized path. Applications that normalize or compare attacker-controlled URLs to enforce path-based policy can be bypassed, with a path that appears confined under an allowed prefix normalizing to a different location. Versions <= 3.1.0 are affected. Update to 3.1.1 or later.
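The decode-before-split mistake behind this entry and CVE-2026-6322 above, reproduced in a toy normalizer next to a policy check that parses with the WHATWG URL parser Node's fetch and http use for the real request. This is an added example, not fast-uri's code; the hosts, paths and policy object are constructed, and refusing path segments that decode to a dot segment or contain a slash is this example's own conservative rule rather than the advisory's text.

```javascript
"use strict";
// Added example, not fast-uri's implementation. Hosts, paths and the policy
// object are constructed for illustration.

// RFC 3986 section 5.2.4 dot-segment removal over RAW segments: "%2e%2e" and
// "%2F" stay opaque data, which is what a normalizer must do before decoding.
function removeDotSegments(path) {
  const segs = path.split("/");
  const out = [];
  for (let i = 1; i < segs.length; i++) {
    const seg = segs[i];
    const last = i === segs.length - 1;
    if (seg === "..") { out.pop(); if (last) out.push(""); }
    else if (seg === ".") { if (last) out.push(""); }
    else out.push(seg);
  }
  return "/" + out.join("/");
}

// BUG reproduced from the two advisories: percent-decode the whole URI first,
// then split authority and path. "%40" becomes a userinfo separator and "%2F"
// a path separator, so both the host and the path change meaning.
function flawedNormalize(uri) {
  const decoded = decodeURIComponent(uri);
  const m = /^([a-z][a-z0-9+.-]*):\/\/([^\/?#]*)([^?#]*)/i.exec(decoded);
  if (!m) throw new Error("unsupported URI");
  const [, scheme, authority, path] = m;
  const at = authority.lastIndexOf("@");
  const host = at === -1 ? authority : authority.slice(at + 1);
  return { scheme: scheme.toLowerCase(), host: host.toLowerCase(), path: removeDotSegments(path || "/") };
}

// Hardened: parse with the same WHATWG parser the request will use, decide on
// that object, and hand that object (never the raw string) to fetch. Segments
// that decode to ".", ".." or contain a slash are refused outright, because a
// downstream decoder could reinterpret them (this example's policy).
function checkUrlPolicy(input, policy) {
  let url;
  try { url = new URL(input); } catch { return { ok: false, reason: "unparseable" }; }
  if (url.protocol !== "https:") return { ok: false, reason: "scheme" };
  if (url.username || url.password) return { ok: false, reason: "userinfo" };
  if (url.hostname !== policy.allowedHost) return { ok: false, reason: "host" };
  for (const seg of url.pathname.split("/").slice(1)) {
    let dec;
    try { dec = decodeURIComponent(seg); } catch { return { ok: false, reason: "bad-encoding" }; }
    if (dec === "." || dec === ".." || dec.includes("/") || dec.includes("\\")) {
      return { ok: false, reason: "ambiguous-segment" };
    }
  }
  if (!url.pathname.startsWith(policy.pathPrefix)) return { ok: false, reason: "prefix" };
  return { ok: true, url }; // caller does fetch(url), not fetch(input)
}

const POLICY = { allowedHost: "allowed.example", pathPrefix: "/files/" };

console.log(flawedNormalize("https://allowed.example%40evil.example/"));
console.log(flawedNormalize("https://allowed.example/files/..%2F..%2Fetc/passwd"));
console.log(checkUrlPolicy("https://allowed.example%40evil.example/", POLICY));
console.log(checkUrlPolicy("https://allowed.example/files/..%2F..%2Fetc/passwd", POLICY));
```

The flawed normalizer reports `evil.example` as the host of the first input and `/etc/passwd` as the path of the second; the WHATWG-based check rejects both, and it keeps `%2F` literal in `pathname` so the prefix decision is made on what will actually be sent.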

Action-Not Available
Vendor-fast-uriRed Hat, Inc.OpenJS Foundation
Product-fast-urifast-uriConfidential Compute AttestationRed Hat Developer Hub 1.8Red Hat OpenShift Dev Spaces 3.28Red Hat Openshift Data Foundation 4.16Network Observability (NETOBSERV) 1.12.0Red Hat Enterprise Linux 10Red Hat Satellite 6.18Red Hat Developer HubOpenShift PipelinesRed Hat Openshift Data Foundation 4.19Red Hat Enterprise Linux 9Red Hat Data Grid 8streams for Apache Kafka 3Red Hat Ansible Automation Platform 2Red Hat Ansible Automation Platform 2.5Red Hat Build of Podman DesktopCryostat 4Red Hat Build of Podman Desktop - Tech PreviewRed Hat Openshift Data Foundation 4.18Red Hat Satellite 6Red Hat Discovery 2streams for Apache Kafka 2Red Hat Developer Hub 1.9HawtIO HawtIO 4.4.0Cluster Observability Operator 1.5.0Red Hat Ansible Automation Platform 2.6Red Hat OpenShift AI 2.25Red Hat OpenShift AI (RHOAI)Red Hat OpenShift Container Platform 4
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-40895
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.49% / 38.32%
7 Day CHG+0.19%
Published-21 Apr, 2026 | 19:59
Updated-01 Jul, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
follow-redirects: Custom Authentication Headers Leaked to Cross-Domain Redirect Targets

follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that automatically follows redirects. Prior to 1.16.0, when an HTTP request follows a cross-domain redirect (301/302/307/308), follow-redirects only strips authorization, proxy-authorization, and cookie headers (matched by regex at index.js). Any custom authentication header (e.g., X-API-Key, X-Auth-Token, Api-Key, Token) is forwarded verbatim to the redirect target. This vulnerability is fixed in 1.16.0.
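An allowlist version of the cross-origin header rule, plus a small redirect follower over an injectable transport so the policy can be exercised offline. This is an added example, not follow-redirects' code; the origins, header names and values are constructed, and the contents of the allowlist are this example's policy.

```javascript
"use strict";
// Added example, not follow-redirects' code. Hosts, headers and the allowlist
// are constructed for illustration.

// Only these headers are replayed to a different origin. Everything else,
// including X-API-Key, X-Auth-Token and any future credential header, is dropped.
const SAFE_CROSS_ORIGIN = new Set(["accept", "accept-encoding", "accept-language", "user-agent"]);

function lowerKeys(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = v;
  return out;
}

// Headers that may accompany the hop from `from` to the Location value `to`.
// Origin = scheme + host + port, so an https->http downgrade or a port change
// counts as cross-origin as well.
function headersForRedirect(from, to, headers) {
  const target = new URL(to, from); // Location may be relative
  const lower = lowerKeys(headers);
  if (new URL(from).origin === target.origin) return { headers: lower, dropped: [] };
  const kept = {};
  const dropped = [];
  for (const [k, v] of Object.entries(lower)) {
    if (SAFE_CROSS_ORIGIN.has(k)) kept[k] = v;
    else dropped.push(k);
  }
  return { headers: kept, dropped };
}

// transport({ url, headers }) -> { status, headers, body }. A real client
// wraps http/https.request here; the test below injects a fake.
function followRedirects(req, transport, maxRedirects = 5) {
  let url = req.url;
  let headers = lowerKeys(req.headers);
  for (let hop = 0; hop <= maxRedirects; hop++) {
    const res = transport({ url, headers });
    const location = res.headers && res.headers.location;
    if (![301, 302, 303, 307, 308].includes(res.status) || !location) return { url, headers, res };
    const next = new URL(location, url).toString();
    ({ headers } = headersForRedirect(url, next, headers));
    url = next;
  }
  throw new Error("too many redirects");
}

console.log(headersForRedirect(
  "https://api.example/v1/items",
  "https://cdn.evil.example/x",
  { Authorization: "Bearer t", "X-API-Key": "k", Accept: "application/json" },
));
```

Inverting the rule (keep only known-harmless headers, drop the rest) is what makes the policy robust to header names nobody anticipated; a denylist has to be extended every time a new credential header appears.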

Action-Not Available
Vendor-follow-redirects_projectfollow-redirectsRed Hat, Inc.
Product-follow-redirectsfollow-redirectsRed Hat Developer Hub 1.8Cryostat 4 on RHEL 9Red Hat build of Apicurio Registry 2Red Hat Openshift Data Foundation 4Red Hat Advanced Cluster Management for Kubernetes 2.16Red Hat Developer HubRed Hat Quay 3.16Red Hat OpenShift Service Mesh 3.3Red Hat OpenShift Service Mesh 3.0Red Hat OpenShift Service Mesh 3.2Red Hat OpenShift Service Mesh 2.6streams for Apache Kafka 3Red Hat Ansible Automation Platform 2.5Red Hat Build of Podman DesktopRed Hat 3scale API Management Platform 2Red Hat Build of Podman Desktop - Tech PreviewRed Hat OpenShift GitOpsRed Hat Discovery 2Red Hat Quay 3.10Red Hat JBoss Enterprise Application Platform 8multicluster engine for Kubernetes 2.10multicluster engine for Kubernetes 2.9Migration Toolkit for VirtualizationSelf-service automation portal 2Red Hat Trusted Profile AnalyzerRed Hat OpenShift Dev Spaces 3.28Red Hat OpenShift Service Mesh 3.1Red Hat Advanced Cluster Security for Kubernetes 4.10Red Hat Fuse 7Gatekeeper 3Migration Toolkit for ContainersRed Hat OpenShift AI 3.3Red Hat JBoss Enterprise Application Platform Expansion PackNode HealthCheck OperatorRed Hat Enterprise Linux 9Red Hat Quay 3.17Red Hat Data Grid 8OpenShift Service Mesh 3Red Hat OpenShift distributed tracing 3Red Hat Ansible Automation Platform 2Red Hat Enterprise Linux 8Red Hat build of Apache Camel - HawtIO 4Red Hat Trusted Artifact SignerRed Hat Ceph Storage 9Red Hat Quay 3.14Red Hat Quay 3.12Red Hat Developer Hub 1.9Migration Toolkit for Applications 8OpenShift LightspeedRed Hat OpenShift AI 2.25Red Hat Advanced Cluster Security for Kubernetes 4.9Red Hat OpenShift Container Platform 4.21Red Hat Advanced Cluster Management for Kubernetes 2.15Red Hat Process Automation 7multicluster engine for Kubernetes 2.11OpenShift PipelinesRed Hat JBoss Enterprise Application Platform 7Red Hat Satellite 6streams for Apache Kafka 2Cluster Observability Operator 1.5.0multicluster engine for Kubernetes 2.6Red Hat OpenShift AI (RHOAI)Red Hat Quay 3.15multicluster engine for Kubernetes 2.8Red Hat Edge Manager 1Network Observability (NETOBSERV) 1.11.2Red Hat build of Apicurio Registry 3Red Hat OpenShift Container Platform 4.19Red Hat Quay 3.9Red Hat Enterprise Linux AI (RHEL AI) 3Cryostat 4Red Hat OpenShift Virtualization 4Red Hat OpenShift Container Platform 4.20Red Hat Connectivity Link 1Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
CVE-2026-41242
Assigner-GitHub, Inc.
CVSS Score-9.4||CRITICAL
EPSS-0.74% / 50.26%
7 Day CHG+0.17%
Published-18 Apr, 2026 | 16:18
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
protobufjs has an arbitrary code execution issue

protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the "type" fields of protobuf definitions, which will then execute during object decoding using that definition. Versions 8.0.1 and 7.5.5 patch the issue.
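A descriptor validator that runs before a JSON descriptor reaches a code-generating loader such as protobufjs' `Root.fromJSON`. This is an added example, not protobufjs code; the sample descriptor is constructed, and the identifier grammar is the one from the protobuf language specification (letters, digits and underscores, dot-separated for type references).

```javascript
"use strict";
// Added example, not protobufjs code. Validates the names and "type" fields of
// a JSON descriptor before any loader turns it into generated code. The
// descriptor below is constructed for illustration.

// Protobuf grammar: ident = letter { letter | decimalDigit | "_" }. A type
// reference is dot-separated idents, optionally with a leading "." for a
// fully qualified name.
const IDENT = /^[A-Za-z_][A-Za-z0-9_]*$/;
const TYPE_REF = /^\.?[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)*$/;

// Walk nested / fields / values and report every violation with its JSON path.
function findUnsafeNames(descriptor) {
  const problems = [];
  const walk = (node, where) => {
    if (!node || typeof node !== "object") return;
    for (const [name, child] of Object.entries(node.nested || {})) {
      if (!IDENT.test(name)) problems.push(`${where}.nested[${JSON.stringify(name)}]: bad name`);
      walk(child, `${where}.nested.${name}`);
    }
    for (const [fname, field] of Object.entries(node.fields || {})) {
      const at = `${where}.fields.${fname}`;
      if (!IDENT.test(fname)) problems.push(`${at}: bad field name`);
      if (typeof field.type !== "string" || !TYPE_REF.test(field.type)) {
        problems.push(`${at}.type: ${JSON.stringify(field.type)}`);
      }
      if (field.keyType !== undefined && !TYPE_REF.test(String(field.keyType))) {
        problems.push(`${at}.keyType: ${JSON.stringify(field.keyType)}`);
      }
      if (!Number.isInteger(field.id) || field.id < 1) problems.push(`${at}.id: ${JSON.stringify(field.id)}`);
    }
    for (const vname of Object.keys(node.values || {})) {
      if (!IDENT.test(vname)) problems.push(`${where}.values[${JSON.stringify(vname)}]: bad enum value name`);
    }
  };
  walk(descriptor, "$");
  return problems;
}

function assertSafeDescriptor(descriptor) {
  const problems = findUnsafeNames(descriptor);
  if (problems.length) throw new Error("unsafe protobuf descriptor:\n" + problems.join("\n"));
  return descriptor; // only now hand it to protobuf.Root.fromJSON
}

// Constructed descriptor in protobufjs JSON form.
const SAMPLE_DESCRIPTOR = {
  nested: {
    demo: {
      nested: {
        Status: { values: { UNKNOWN: 0, ACTIVE: 1 } },
        User: { fields: { name: { type: "string", id: 1 }, status: { type: "Status", id: 2 } } },
        Msg: {
          fields: {
            id: { type: "uint32", id: 1 },
            tags: { rule: "repeated", type: "string", id: 2 },
            owner: { type: ".demo.User", id: 3 },
            attrs: { keyType: "string", type: "string", id: 4 },
          },
        },
      },
    },
  },
};

const tampered = JSON.parse(JSON.stringify(SAMPLE_DESCRIPTOR));
tampered.nested.demo.nested.Msg.fields.id.type = "uint32; process.exit(1); //";
console.log(findUnsafeNames(SAMPLE_DESCRIPTOR), findUnsafeNames(tampered));
```

The check is deliberately a grammar allowlist rather than a search for suspicious characters: anything a code generator could splice into source text that is not a valid identifier path is rejected, whatever it contains.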

Action-Not Available
Vendor-protobufjs_projectprotobufjsRed Hat, Inc.
Product-protobufjsprotobuf.jsRed Hat OpenShift AI (RHOAI)Red Hat Hardened ImagesSelf-service automation portal 2Red Hat Enterprise Linux 9Red Hat Developer Hub 1.8Red Hat Enterprise Linux AI (RHEL AI) 3Cryostat 4Red Hat Openshift Data Foundation 4Red Hat Ansible Automation Platform 2Red Hat Build of Podman DesktopRed Hat Developer HubRed Hat OpenShift Container Platform 4Red Hat OpenShift AI 2.25Red Hat build of Apicurio Registry 3OpenShift PipelinesRed Hat Ceph Storage 9Red Hat Enterprise Linux 8Red Hat Developer Hub 1.9OpenShift Service Mesh 3
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-34045
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-0.47% / 37.57%
7 Day CHG+0.11%
Published-07 Apr, 2026 | 20:52
Updated-30 Jun, 2026 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Podman Desktop WebView Server Exposed

Podman Desktop is a graphical tool for developing on containers and Kubernetes. Prior to 1.26.2, an unauthenticated HTTP server exposed by Podman Desktop allows any network attacker to remotely trigger denial-of-service conditions and extract sensitive information. By abusing missing connection limits and timeouts, an attacker can exhaust file descriptors and kernel memory, leading to application crash or full host freeze. Additionally, verbose error responses disclose internal paths and system details (including usernames on Windows), aiding further exploitation. The issue requires no authentication or user interaction and is exploitable over the network. This vulnerability is fixed in 1.26.2.

Action-Not Available
Vendor-podman-desktopThe Linux FoundationRed Hat, Inc.
Product-podman_desktoppodman-desktopRed Hat Build of Podman DesktopRed Hat Build of Podman Desktop - Tech PreviewRed Hat Enterprise Linux 10Red Hat Enterprise Linux Extensions Channel (v. 10)
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-39364
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-2.10% / 79.38%
7 Day CHG+0.38%
Published-07 Apr, 2026 | 19:12
Updated-30 Jun, 2026 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vite has a `server.fs.deny` bypass with queries

Vite is a frontend tooling framework for JavaScript. In versions from 7.1.0 before 7.3.2, and in 8.x before 8.0.5, on the Vite dev server, files that should be blocked by server.fs.deny (e.g., .env, *.crt) can be retrieved with HTTP 200 responses when query parameters such as ?raw, ?import&raw, or ?import&url&inline are appended. This vulnerability is fixed in 7.3.2 and 8.0.5.

Action-Not Available
Vendor-voidzerovitejsvitejsRed Hat, Inc.
Product-vitevite\+vite-plusviteRed Hat Ansible Automation Platform 2Red Hat Build of Podman DesktopRed Hat Ansible Automation Platform 2.6Red Hat Build of Podman Desktop - Tech PreviewRed Hat OpenShift Container Platform 4Red Hat Advanced Cluster Security 4Red Hat Build of KeycloakRed Hat JBoss Enterprise Application Platform 8Red Hat JBoss Enterprise Application Platform Expansion Pack
CWE ID-CWE-180
Incorrect Behavior Order: Validate Before Canonicalize
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-472
External Control of Assumed-Immutable Web Parameter
CVE-2026-39363
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-2.91% / 85.27%
7 Day CHG+0.62%
Published-07 Apr, 2026 | 19:10
Updated-30 Jun, 2026 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vite Affected by Arbitrary File Read via Vite Dev Server WebSocket

Vite is a frontend tooling framework for JavaScript. From 6.0.0 to before 6.4.2, 7.3.2, and 8.0.5, if it is possible to connect to the Vite dev server’s WebSocket without an Origin header, an attacker can invoke fetchModule via the custom WebSocket event vite:invoke and combine file://... with ?raw (or ?inline) to retrieve the contents of arbitrary files on the server as a JavaScript string (e.g., export default "..."). The access control enforced in the HTTP request path (such as server.fs.allow) is not applied to this WebSocket-based execution path. This vulnerability is fixed in 6.4.2, 7.3.2, and 8.0.5.

Action-Not Available
Vendor-voidzerovitejsvitejsRed Hat, Inc.
Product-vitevite\+vite-plusviteRed Hat Ansible Automation Platform 2Red Hat Build of Podman DesktopRed Hat Ansible Automation Platform 2.6Red Hat Ansible Automation Platform 2.5 for RHEL 9Red Hat Build of Podman Desktop - Tech PreviewRed Hat OpenShift Container Platform 4Red Hat Advanced Cluster Security 4Red Hat Build of KeycloakRed Hat Ansible Automation Platform 2.6 for RHEL 10Red Hat Ansible Automation Platform 2.6 for RHEL 9Red Hat Ansible Automation Platform 2.5 for RHEL 8Red Hat JBoss Enterprise Application Platform 8Red Hat JBoss Enterprise Application Platform Expansion Pack
CWE ID-CWE-1220
Insufficient Granularity of Access Control
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-34986
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.65% / 46.67%
7 Day CHG+0.37%
Published-06 Apr, 2026 | 16:22
Updated-03 Jul, 2026 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Go JOSE affected by a panic in JWE decryption

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JWE) object will panic if the alg field indicates a key wrapping algorithm (one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW) and the encrypted_key field is empty. The panic happens when cipher.KeyUnwrap() in key_wrap.go attempts to allocate a slice with a zero or negative length based on the length of the encrypted_key. This code path is reachable from ParseEncrypted() / ParseEncryptedJSON() / ParseEncryptedCompact() followed by Decrypt() on the resulting object. Note that the parse functions take a list of accepted key algorithms. If the accepted key algorithms do not include any key wrapping algorithms, parsing will fail and the application will be unaffected. This panic is also reachable by calling cipher.KeyUnwrap() directly with any ciphertext parameter less than 16 bytes long, but calling this function directly is less common. Panics can lead to denial of service. This vulnerability is fixed in 4.1.4 and 3.0.5.

Action-Not Available
Vendor-go-jose_projectgo-joseRed Hat, Inc.
Product-go-josego-joseCryostat 4 on RHEL 9Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Openshift Data Foundation 4Zero Trust Workload Identity Manager - Tech PreviewRed Hat Quay 3Red Hat OpenShift distributed tracing 3.9.3Red Hat OpenShift GitOps 1.18Red Hat Quay 3.16Multicluster Engine for KubernetesRed Hat OpenShift Service Mesh 3.3Zero Trust Workload Identity ManagerRed Hat OpenShift Service Mesh 3.2Logging Subsystem for Red Hat OpenShift 6.4Red Hat OpenShift Container Platform 4.22Red Hat OpenShift Service Mesh 2.6Logging Subsystem for Red Hat OpenShift 6.0Red Hat Build of Podman DesktopMulticluster Global Hub 1.5.4Red Hat Build of Podman Desktop - Tech PreviewRed Hat OpenShift GitOpsRed Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)Red Hat Quay 3.10External Secrets Operator for Red Hat OpenShiftRed Hat OpenShift on AWScert-manager Operator for Red Hat OpenShiftNetwork Observability OperatorKernel Module Management Operator for Red Hat Openshiftmulticluster engine for Kubernetes 2.10Migration Toolkit for Virtualizationmulticluster engine for Kubernetes 2.9Red Hat OpenShift Cluster Manager CLICustom Metric Autoscaler 2.19Red Hat OpenStack Platform 18.0Red Hat OpenShift Container Platform 4.17Red Hat OpenShift Service Mesh 3.1Red Hat Advanced Cluster Security for Kubernetes 4.10Migration Toolkit for ContainersRed Hat Enterprise Linux 10Red Hat Enterprise Linux AppStream (v. 8)Red Hat OpenShift AI 3.3Red Hat Advanced Cluster Management for Kubernetes 2Node HealthCheck OperatorRed Hat Enterprise Linux 9Red Hat Quay 3.17OpenShift Service Mesh 3Red Hat Trusted Artifact SignerRed Hat Enterprise Linux 8Red Hat Ansible Automation Platform 2OpenShift ServerlessRed Hat Advanced Cluster Security 4Red Hat Quay 3.14Red Hat Quay 3.12OpenShift LightspeedPower monitoring for Red Hat OpenShiftRed Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat OpenShift AI 2.25OpenShift Developer Tools and ServicesRed Hat Advanced Cluster Security for Kubernetes 4.9Red Hat OpenShift Container Platform 4.21multicluster engine for Kubernetes 2.11Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream (v. 10)Red Hat Build of KueueOpenShift PipelinesSecurity Profiles OperatorRed Hat Openshift Data Foundation 4.19Red Hat Advanced Cluster Management for Kubernetes 2.14Red Hat Trusted Artifact Signer 1.3Red Hat Openshift Data Foundation 4.2Red Hat Enterprise Linux AppStream E4S (v.9.4)Red Hat Openshift Data Foundation 4.18Red Hat Enterprise Linux AppStream (v. 9)multicluster engine for Kubernetes 2.6Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)Red Hat OpenShift AI (RHOAI)Red Hat Quay 3.15Red Hat OpenShift Pipelines 1.21Confidential Compute Attestationmulticluster engine for Kubernetes 2.8OpenShift Service Mesh 2Red Hat OpenShift Pipelines 1.2Red Hat OpenShift Dev SpacesMulticluster Global Hub 1.3.4Multicluster Global Hub 1.6.2Logical Volume Manager StorageRed Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat OpenShift Container Platform 4.18Multicluster Global Hub 1.4.5Red Hat Quay 3.9Red Hat OpenShift Container Platform 4.19Logging Subsystem for Red Hat OpenShiftMulticluster Global HubRed Hat Openshift Data Foundation 4.17OpenShift API for Data Protection 1.4multicluster engine for Kubernetes 2.7Red Hat OpenShift Dev Spaces 3.27OpenShift API for Data Protection 1.5Red Hat OpenShift Virtualization 4Red Hat OpenShift for Windows ContainersRed Hat OpenShift Container Platform 4.20Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat Advanced Cluster Security for Kubernetes 4.8Red Hat Connectivity Link 1Red Hat OpenShift Container Platform 4
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CWE ID-CWE-248
Uncaught Exception
CVE-2026-34780
Assigner-GitHub, Inc.
CVSS Score-8.4||HIGH
EPSS-0.33% / 24.58%
7 Day CHG+0.08%
Published-04 Apr, 2026 | 00:02
Updated-30 Jun, 2026 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Electron: Context Isolation bypass via contextBridge VideoFrame transfer

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 39.0.0-alpha.1 to before 39.8.0, 40.0.0-alpha.1 to before 40.7.0, and 41.0.0-alpha.1 to before 41.0.0-beta.8, apps that pass VideoFrame objects (from the WebCodecs API) across the contextBridge are vulnerable to a context isolation bypass. An attacker who can execute JavaScript in the main world (for example, via XSS) can use a bridged VideoFrame to gain access to the isolated world, including any Node.js APIs exposed to the preload script. Apps are only affected if a preload script returns, resolves, or passes a VideoFrame object to the main world via contextBridge.exposeInMainWorld(). Apps that do not bridge VideoFrame objects are not affected. This issue has been patched in versions 39.8.0, 40.7.0, and 41.0.0-beta.8.

Action-Not Available
Vendor-Electron UserlandRed Hat, Inc.Electron (OpenJS Foundation)
Product-electronelectronRed Hat Build of Podman DesktopRed Hat Build of Podman Desktop - Tech Preview
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CWE ID-CWE-501
Trust Boundary Violation
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2026-34774
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-0.44% / 35.62%
7 Day CHG+0.10%
Published-03 Apr, 2026 | 23:52
Updated-30 Jun, 2026 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Electron: Use-after-free in offscreen child window paint callback

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 39.8.1, 40.7.0, and 41.0.0, apps that use offscreen rendering and allow child windows via window.open() may be vulnerable to a use-after-free. If the parent offscreen WebContents is destroyed while a child window remains open, subsequent paint frames on the child dereference freed memory, which may lead to a crash or memory corruption. Apps are only affected if they use offscreen rendering (webPreferences.offscreen: true) and their setWindowOpenHandler permits child windows. Apps that do not use offscreen rendering, or that deny child windows, are not affected. This issue has been patched in versions 39.8.1, 40.7.0, and 41.0.0.

Action-Not Available
Vendor-Electron UserlandRed Hat, Inc.Electron (OpenJS Foundation)
Product-electronelectronRed Hat Build of Podman DesktopRed Hat Build of Podman Desktop - Tech Preview
CWE ID-CWE-416
Use After Free
CWE ID-CWE-825
Expired Pointer Dereference
CVE-2026-34771
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.29% / 20.51%
7 Day CHG~0.00%
Published-03 Apr, 2026 | 23:47
Updated-30 Jun, 2026 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Electron: Use-after-free in WebContents fullscreen, pointer-lock, and keyboard-lock permission callbacks

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that register an asynchronous session.setPermissionRequestHandler() may be vulnerable to a use-after-free when handling fullscreen, pointer-lock, or keyboard-lock permission requests. If the requesting frame navigates or the window closes while the permission handler is pending, invoking the stored callback dereferences freed memory, which may lead to a crash or memory corruption. Apps that do not set a permission request handler, or whose handler responds synchronously, are not affected. This issue has been patched in versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8.

Action-Not Available
Vendor-Electron UserlandRed Hat, Inc.Electron (OpenJS Foundation)
Product-electronelectronRed Hat Build of Podman DesktopRed Hat Build of Podman Desktop - Tech Preview
CWE ID-CWE-364
Signal Handler Race Condition
CWE ID-CWE-416
Use After Free
CVE-2026-34769
Assigner-GitHub, Inc.
CVSS Score-7.8||HIGH
EPSS-0.29% / 21.27%
7 Day CHG+0.06%
Published-03 Apr, 2026 | 23:33
Updated-30 Jun, 2026 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Electron: Renderer command-line switch injection via undocumented commandLineSwitches webPreference

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, an undocumented commandLineSwitches webPreference allowed arbitrary switches to be appended to the renderer process command line. Apps that construct webPreferences by spreading untrusted configuration objects may inadvertently allow an attacker to inject switches that disable renderer sandboxing or web security controls. Apps are only affected if they construct webPreferences from external or untrusted input without an allowlist. Apps that use a fixed, hardcoded webPreferences object are not affected. This issue has been patched in versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8.

Action-Not Available
Vendor-Electron UserlandRed Hat, Inc.Electron (OpenJS Foundation)
Product-electronelectronRed Hat Build of Podman DesktopRed Hat Build of Podman Desktop - Tech Preview
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CWE ID-CWE-912
Hidden Functionality
CVE-2026-34601
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.47% / 37.40%
7 Day CHG+0.05%
Published-02 Apr, 2026 | 17:47
Updated-30 Jun, 2026 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion

xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In xmldom versions 0.6.0 and prior and @xmldom/xmldom prior to versions 0.8.12 and 0.9.9, the package allows attacker-controlled strings containing the CDATA terminator ]]> to be inserted into a CDATASection node. During serialization, XMLSerializer emitted the CDATA content verbatim without rejecting or safely splitting the terminator. As a result, data intended to remain text-only became active XML markup in the serialized output, enabling XML structure injection and downstream business-logic manipulation. This issue has been patched in @xmldom/xmldom versions 0.8.12 and 0.9.9; no fixed release of the unscoped xmldom package is listed.
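A minimal serializer for the four node kinds in this entry, CVE-2026-41672 (comments), CVE-2026-41674 (DocumentType) and the processing-instruction entry at the top of this section, that splits or refuses the terminator instead of emitting attacker-controlled text verbatim. This is an added example, not xmldom's code; the payload strings are constructed, and the DocumentType rules (refusing `>` in a system literal and `]>` in an internal subset) are this example's conservative policy.

```javascript
"use strict";
// Added example, not xmldom's code. Serializers for CDATA, comment,
// processing-instruction and DocumentType content that split or refuse the
// terminator. Payloads are constructed; the DocumentType rules are this
// example's conservative policy.

// What the vulnerable versions did: the text goes out unchanged, so a "]]>"
// inside it closes the section and everything after it is parsed as markup.
function serializeCdataUnsafe(text) {
  return `<![CDATA[${text}]]>`;
}

// Safe: close the section just before each terminator and reopen it, so the
// parser sees "]]" and ">" in two adjacent sections and text stays text.
function serializeCdata(text) {
  return `<![CDATA[${String(text).split("]]>").join("]]]]><![CDATA[>")}]]>`;
}

// XML 1.0 section 2.5: "--" may not appear inside a comment and the content
// may not end with "-" (which would form "--->"). No escape exists, so refuse.
function serializeComment(text) {
  const s = String(text);
  if (s.includes("--") || s.endsWith("-")) throw new Error("invalid comment content");
  return `<!--${s}-->`;
}

const NAME = /^[A-Za-z_:][A-Za-z0-9_.:-]*$/;

// Section 2.6: a PI ends at the first "?>", and the target "xml" is reserved.
function serializePI(target, data = "") {
  if (!NAME.test(target) || /^xml$/i.test(target)) throw new Error("invalid PI target");
  const s = String(data);
  if (s.includes("?>")) throw new Error("invalid PI data");
  return s ? `<?${target} ${s}?>` : `<?${target}?>`;
}

// Section 2.3 PubidChar for the public id; a system literal cannot contain the
// quote character chosen for it; "]" followed by ">" would close the internal
// subset and with it the whole declaration.
const PUBID = /^[ \r\nA-Za-z0-9'()+,.\/:=?;!*#@$_%-]*$/;

function serializeDoctype({ name, publicId = "", systemId = "", internalSubset = "" }) {
  if (!NAME.test(name)) throw new Error("invalid doctype name");
  if (!PUBID.test(publicId)) throw new Error("invalid public id");
  const quote = systemId.includes('"') ? "'" : '"';
  if (systemId.includes(quote) || systemId.includes(">")) throw new Error("invalid system id");
  if (/\]\s*>/.test(internalSubset)) throw new Error("invalid internal subset");
  let out = `<!DOCTYPE ${name}`;
  if (publicId) out += ` PUBLIC "${publicId}" ${quote}${systemId}${quote}`;
  else if (systemId) out += ` SYSTEM ${quote}${systemId}${quote}`;
  if (internalSubset) out += ` [${internalSubset}]`;
  return out + ">";
}

// Demonstration helper: whatever remains after removing every CDATA section
// is markup a parser would act on.
function markupOutsideCdata(serialized) {
  return serialized.replace(/<!\[CDATA\[[\s\S]*?\]\]>/g, "");
}

const payload = "a]]><evil/><![CDATA[b";
console.log("unsafe leaks:", JSON.stringify(markupOutsideCdata(serializeCdataUnsafe(payload))));
console.log("safe leaks:  ", JSON.stringify(markupOutsideCdata(serializeCdata(payload))));
```

CDATA is the one case with a lossless repair, because a section can be closed and reopened around the terminator. Comments, processing instructions and DOCTYPE literals have no escape mechanism in XML, so the only correct behaviour is to reject the content at the point where it is set or serialized.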

Action-Not Available
Vendor-xmldomRed Hat, Inc.
Product-xmldomRed Hat Build of Podman DesktopMigration Toolkit for Applications 8Red Hat Developer HubRed Hat OpenShift AI (RHOAI)Red Hat OpenShift Container Platform 4Red Hat OpenShift Dev SpacesSelf-service automation portal 2Red Hat Fuse 7
CWE ID-CWE-91
XML Injection (aka Blind XPath Injection)
CVE-2026-4800
Assigner-ce714d77-add3-4f53-aff5-83d477b104bb
CVSS Score-8.1||HIGH
EPSS-1.74% / 74.89%
7 Day CHG+0.71%
Published-31 Mar, 2026 | 19:25
Updated-03 Jul, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
lodash vulnerable to Code Injection via `_.template` imports key names

Impact: The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Function() constructor sink. When an application passes untrusted input as options.imports key names, an attacker can inject default-parameter expressions that execute arbitrary code at template compilation time. Additionally, _.template uses assignInWith to merge imports, which enumerates inherited properties via for..in. If Object.prototype has been polluted by any other vector, the polluted keys are copied into the imports object and passed to Function().

Patches: Users should upgrade to version 4.18.0.

Workarounds: Do not pass untrusted input as key names in options.imports. Only use developer-controlled, static key names.
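A toy template compiler with the same sink shape as `_.template` (a `Function()` whose parameter list is built from imports key names and which is applied at compile time), one way a key name reaches a default-parameter expression, the inherited-key path, and the guard the workaround implies. This is an added example, not lodash's code; the `{{expr}}` syntax, the `globalThis.__pwned` marker and the specific injected key (one that declares a second, unsupplied parameter) are constructed for illustration.

```javascript
"use strict";
// Added example, not lodash's code. A toy compiler with the same sink shape
// as _.template, the injection the entry describes, and the guard its
// workaround implies. Template syntax and the __pwned marker are constructed.

// "Hello {{upper(data.name)}}" -> `return function (data) { return "Hello " + (upper(data.name)); }`
function buildBody(source) {
  const parts = [];
  const re = /\{\{(.+?)\}\}/g;
  let last = 0;
  let m;
  while ((m = re.exec(source)) !== null) {
    parts.push(JSON.stringify(source.slice(last, m.index)), `(${m[1]})`);
    last = re.lastIndex;
  }
  parts.push(JSON.stringify(source.slice(last)));
  return `return function (data) { return ${parts.join(" + ")}; }`;
}

// Vulnerable shape. Two defects: key names are not validated, and for..in also
// enumerates inherited (prototype-polluted) keys. A key such as
// "k, z = (globalThis.__pwned = 1)" declares a second parameter with no
// matching argument, so its default expression runs when Function(...).apply()
// is called, which is at compile time, before any template is rendered.
function compileUnsafe(source, imports = {}) {
  const keys = [];
  const values = [];
  for (const key in imports) {
    keys.push(key);
    values.push(imports[key]);
  }
  return Function(keys.join(", "), buildBody(source)).apply(undefined, values);
}

// Hardened shape: identifier-only key names, own enumerable properties only.
const IDENT = /^[A-Za-z_$][A-Za-z0-9_$]*$/;

function compileSafe(source, imports = {}) {
  const keys = Object.keys(imports);
  for (const key of keys) {
    if (!IDENT.test(key)) throw new Error(`import name rejected: ${JSON.stringify(key)}`);
  }
  const values = keys.map((k) => imports[k]);
  return Function(keys.join(", "), buildBody(source)).apply(undefined, values);
}

const greet = compileSafe("Hello {{upper(data.name)}}!", { upper: (s) => s.toUpperCase() });
console.log(greet({ name: "ada" }));
compileUnsafe("x", { "k, z = (globalThis.__pwned = 'compile-time')": 1 });
console.log("after compileUnsafe:", globalThis.__pwned);
```

The identifier check is the part that closes the hole: an import name that is a valid identifier cannot carry a comma, an equals sign or parentheses, so it can only ever name a parameter. `Object.keys` restricts the copy to own properties, which is what defuses the prototype-pollution path even when the pollution came from elsewhere.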

Action-Not Available
Vendor-lodashlodashRed Hat, Inc.
Product-lodash-eslodashlodash-amdlodash.templatelodash-eslodashlodash-amdlodash.templateRed Hat Developer Hub 1.8Red Hat Directory Server 13Cryostat 4 on RHEL 9Red Hat Enterprise Linux High Availability (v. 10)Red Hat Ansible Automation Platform 2.6 for RHEL 9Red Hat build of Apicurio Registry 2Red Hat Enterprise Linux High Availability E4S (v.8.6)Red Hat Quay 3Red Hat Enterprise Linux HighAvailability EUS EXTENSION (v.8.4)Red Hat OpenShift distributed tracing 3.9.3Red Hat Enterprise Linux Resilient Storage EUS (v.9.4)Red Hat OpenShift GitOps 1.18Red Hat Directory Server 11Red Hat Directory Server 12Red Hat Developer HubMulticluster Engine for KubernetesRed Hat OpenShift Service Mesh 3.3Red Hat OpenShift Service Mesh 3.0Red Hat OpenShift Service Mesh 3.2Red Hat OpenShift Container Platform 4.22Red Hat OpenShift Service Mesh 2.6Red Hat Ansible Automation Platform 2.5Red Hat Build of Podman DesktopRed Hat 3scale API Management Platform 2Red Hat OpenShift GitOpsRed Hat Discovery 2Red Hat JBoss Enterprise Application Platform 8Self-service automation portal 2Red Hat Trusted Profile AnalyzerRed Hat Enterprise Linux 7Red Hat OpenShift Container Platform 4.17Red Hat OpenShift Service Mesh 3.1Red Hat Fuse 7Red Hat Enterprise Linux High Availability (v. 9)Red Hat Openshift Data Foundation 4.16Gatekeeper 3Migration Toolkit for ContainersRed Hat Enterprise Linux 10Streams for Apache Kafka 2.9.4Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat OpenShift AI 3.3Red Hat Advanced Cluster Management for Kubernetes 2Node HealthCheck OperatorRed Hat Enterprise Linux 9OpenShift Service Mesh 3Red Hat Trusted Artifact SignerRed Hat Enterprise Linux 8Red Hat Ansible Automation Platform 2Red Hat build of Apache Camel - HawtIO 4Red Hat Enterprise Linux ResilientStorage E4S (v.9.0)Red Hat Advanced Cluster Security 4Red Hat Enterprise Linux High Availability E4S (v.9.2)Migration Toolkit for Applications 8Red Hat Developer Hub 1.9OpenShift LightspeedRed Hat Ansible Automation Platform 2.6Red Hat OpenShift AI 2.25Red Hat Enterprise Linux High Availability TUS (v.8.6)Red Hat Enterprise Linux High Availability EUS (v. 10.0)Red Hat Build of KeycloakRed Hat Process Automation 7Red Hat Enterprise Linux High Availability EUS (v.9.4)Red Hat Enterprise Linux AppStream (v. 10)Red Hat Satellite 6.18OpenShift PipelinesRed Hat Openshift Data Foundation 4.19Red Hat Trusted Artifact Signer 1.3Migration Toolkit for Virtualization 2.9Red Hat Openshift Data Foundation 4.2Migration Toolkit for Virtualization 2.1Streams for Apache Kafka 3.2.0Red Hat JBoss Enterprise Application Platform 7Red Hat Enterprise Linux High Availability E4S (v.9.0)Red Hat Openshift Data Foundation 4.18Red Hat Satellite 6Red Hat Data Grid 8.6.1Red Hat Ansible Automation Platform 2.6 for RHEL 10Red Hat Enterprise Linux High Availability EUS (v.9.6)Cluster Observability Operator 1.5.0Red Hat Enterprise Linux High Availability E4S (v.8.8)Red Hat OpenShift AI (RHOAI)Red Hat Enterprise Linux High Availability AUS (v.8.4)Confidential Compute AttestationRed Hat Edge Manager 1Network Observability (NETOBSERV) 1.11.2Red Hat OpenShift Container Platform 4.18Red Hat Enterprise Linux Resilient Storage (v. 9)Red Hat build of Apicurio Registry 3Red Hat OpenShift Container Platform 4.19Red Hat Enterprise Linux Resilient Storage EUS (v.9.6)Logging Subsystem for Red Hat OpenShiftRed Hat Enterprise Linux AI (RHEL AI) 3Red Hat Enterprise Linux High Availability TUS (v.8.8)Red Hat Openshift Data Foundation 4.17Red Hat OpenShift Dev Spaces 3.27Cryostat 4Red Hat OpenShift Virtualization 4Red Hat OpenShift GitOps 1.19Red Hat OpenShift Container Platform 4.20Red Hat Single Sign-On 7Red Hat Connectivity Link 1Red Hat Enterprise Linux Resilient Storage E4S (v.9.2)Red Hat OpenShift Container Platform 4
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-33896
Assigner-GitHub, Inc.
CVSS Score-7.4||HIGH
EPSS-0.30% / 22.01%
7 Day CHG+0.12%
Published-27 Mar, 2026 | 20:50
Updated-02 Jul, 2026 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, `pki.verifyCertificateChain()` does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the `basicConstraints` and `keyUsage` extensions. This allows any leaf certificate (without these extensions) to act as a CA and sign other certificates, which node-forge will accept as valid. Version 1.4.0 patches the issue.

Action-Not Available
Vendor-digitalbazaar, Red Hat, Inc.
Product-forgeforgeRed Hat Developer Hub 1.8Red Hat build of Apicurio Registry 2Red Hat Process Automation 7Red Hat Quay 3Red Hat Fuse 7Red Hat Enterprise Linux 10Red Hat Ansible Automation Platform 2.5 for RHEL 8Logging Subsystem for Red Hat OpenShiftRed Hat Ansible Automation Platform 2.5 for RHEL 9Red Hat Enterprise Linux 9Red Hat Data Grid 8Red Hat Enterprise Linux 8Red Hat Ansible Automation Platform 2Red Hat Build of Podman DesktopRed Hat build of Apache Camel - HawtIO 4Cryostat 4Red Hat Developer Hub 1.9Cluster Observability Operator 1.5.0
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-33895
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.34% / 25.79%
7 Day CHG+0.08%
Published-27 Mar, 2026 | 20:47
Updated-02 Jul, 2026 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Forge has signature forgery in Ed25519 due to missing S > L check

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order (`S >= L`). A valid signature and its `S + L` variant both verify in forge, while Node.js `crypto.verify` (OpenSSL-backed) rejects the `S + L` variant, as the specification requires. This class of signature malleability has been exploited in practice to bypass authentication and authorization logic (see CVE-2026-25793, CVE-2022-35961). Applications relying on signature uniqueness (e.g., dedup by signature bytes, replay tracking, signed-object canonicalization checks) may be bypassed. Version 1.4.0 patches the issue.

Action-Not Available
Vendor-digitalbazaar, Red Hat, Inc.
Product-forgeforgeRed Hat Developer Hub 1.8Red Hat build of Apicurio Registry 2Red Hat Process Automation 7Red Hat Quay 3Red Hat Fuse 7Red Hat Enterprise Linux 10Red Hat Ansible Automation Platform 2.5 for RHEL 8Logging Subsystem for Red Hat OpenShiftRed Hat Ansible Automation Platform 2.5 for RHEL 9Red Hat Enterprise Linux 9Red Hat Data Grid 8Red Hat Ansible Automation Platform 2Red Hat Enterprise Linux 8Red Hat Build of Podman DesktopRed Hat build of Apache Camel - HawtIO 4Cryostat 4Red Hat Developer Hub 1.9Cluster Observability Operator 1.5.0
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-33894
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.34% / 25.84%
7 Day CHG+0.09%
Published-27 Mar, 2026 | 20:45
Updated-02 Jul, 2026 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Forge has signature forgery in RSA-PKCS due to ASN.1 extra field

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3). Attackers can forge signatures by stuffing "garbage" bytes within the ASN.1 structure in order to construct a signature that passes verification, enabling Bleichenbacher-style forgery. This issue is similar to CVE-2022-24771, but adds bytes in an additional field within the ASN.1 structure, rather than outside of it. Additionally, forge does not validate that signatures include a minimum of 8 bytes of padding as defined by the specification, providing attackers additional space to construct Bleichenbacher forgeries. Version 1.4.0 patches the issue.

Action-Not Available
Vendor-digitalbazaar, Red Hat, Inc.
Product-forgeforgeRed Hat Developer Hub 1.8Red Hat build of Apicurio Registry 2Red Hat Process Automation 7Red Hat Fuse 7Red Hat Enterprise Linux 10Red Hat Ansible Automation Platform 2.5 for RHEL 8Red Hat Quay 3.16Logging Subsystem for Red Hat OpenShiftRed Hat Quay 3.9Red Hat Ansible Automation Platform 2.5 for RHEL 9Red Hat Enterprise Linux 9Red Hat Quay 3.17Red Hat Data Grid 8Red Hat Ansible Automation Platform 2Red Hat Enterprise Linux 8Red Hat Build of Podman DesktopRed Hat build of Apache Camel - HawtIO 4Cryostat 4Red Hat Quay 3.14Red Hat Quay 3.12Red Hat Developer Hub 1.9Cluster Observability Operator 1.5.0Red Hat Quay 3.10Red Hat Quay 3.15
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-33891
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.58% / 43.47%
7 Day CHG+0.21%
Published-27 Mar, 2026 | 20:43
Updated-02 Jul, 2026 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service (DoS) vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse() function (inherited from the bundled jsbn library). When modInverse() is called with a zero value as input, the internal Extended Euclidean Algorithm loop never reaches its exit condition, causing the process to hang indefinitely and consume 100% CPU. Version 1.4.0 patches the issue.

Action-Not Available
Vendor-digitalbazaar, Red Hat, Inc.
Product-forgeforgeRed Hat Developer Hub 1.8Red Hat Ansible Automation Platform 2.6 for RHEL 9Red Hat build of Apicurio Registry 2Red Hat Process Automation 7Red Hat Quay 3Red Hat Fuse 7Red Hat Enterprise Linux 10Red Hat Ansible Automation Platform 2.5 for RHEL 8Logging Subsystem for Red Hat OpenShiftRed Hat Ansible Automation Platform 2.5 for RHEL 9Red Hat Enterprise Linux 9Red Hat Data Grid 8Red Hat Ansible Automation Platform 2Red Hat Enterprise Linux 8Red Hat Build of Podman DesktopRed Hat build of Apache Camel - HawtIO 4Cryostat 4Red Hat Developer Hub 1.9Red Hat Ansible Automation Platform 2.6 for RHEL 10Cluster Observability Operator 1.5.0
CWE ID-CWE-606
Unchecked Input for Loop Condition
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2026-4926
Assigner-ce714d77-add3-4f53-aff5-83d477b104bb
CVSS Score-7.5||HIGH
EPSS-0.79% / 51.80%
7 Day CHG+0.34%
Published-26 Mar, 2026 | 18:59
Updated-30 Jun, 2026 | 12:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
path-to-regexp vulnerable to Denial of Service via sequential optional groups

Impact: A bad regular expression is generated any time you have multiple sequential optional groups (curly brace syntax), such as `{a}{b}{c}:z`. The generated regex grows exponentially with the number of groups, causing denial of service. Patches: Fixed in version 8.4.0. Workarounds: Limit the number of sequential optional groups in route patterns. Avoid passing user-controlled input as route patterns.

Action-Not Available
Vendor-pillarjs, path-to-regexp, Red Hat, Inc.
Product-path-to-regexppath-to-regexpRed Hat OpenShift AI (RHOAI)Red Hat AMQ Broker 7Self-service automation portal 2Red Hat Enterprise Linux 10Red Hat Developer Hub 1.8Cryostat 4Red Hat Openshift Data Foundation 4Red Hat Ansible Automation Platform 2Migration Toolkit for Virtualization 2.1Red Hat Trusted Artifact Signer 1.3Red Hat Ansible Automation Platform 2.5 for RHEL 9Red Hat OpenShift Container Platform 4Red Hat OpenShift GitOpsRed Hat Trusted Profile AnalyzerRed Hat Advanced Cluster Security 4Red Hat Single Sign-On 7Red Hat OpenShift Virtualization 4OpenShift PipelinesLogging Subsystem for Red Hat OpenShiftMigration Toolkit for Virtualization 2.9Red Hat Advanced Cluster Management for Kubernetes 2Red Hat Process Automation 7Red Hat Edge Manager 1Red Hat Ansible Automation Platform 2.5 for RHEL 8Red Hat Satellite 6Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat OpenShift distributed tracing 3.9.3Migration Toolkit for Applications 8Red Hat Ansible Automation Platform 2.6Red Hat build of Apache Camel - HawtIO 4Red Hat build of Apicurio Registry 2Cryostat 4 on RHEL 9OpenShift LightspeedRed Hat Data Grid 8Red Hat JBoss Enterprise Application Platform 7Multicluster Engine for KubernetesRed Hat Enterprise Linux 9Red Hat Ansible Automation Platform 2.6 for RHEL 9Red Hat Fuse 7Red Hat Build of Podman DesktopRed Hat Quay 3Red Hat Developer HubRed Hat OpenShift Dev Spaces 3.27Red Hat Ansible Automation Platform 2.6 for RHEL 10Network Observability OperatorRed Hat Enterprise Linux 8Red Hat JBoss Enterprise Application Platform 8Red Hat Developer Hub 1.9OpenShift Service Mesh 2OpenShift Service Mesh 3
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-33228
Assigner-GitHub, Inc.
CVSS Score-8.9||HIGH
EPSS-0.70% / 48.77%
7 Day CHG+0.09%
Published-20 Mar, 2026 | 23:06
Updated-03 Jul, 2026 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
flatted: Prototype Pollution via parse()

flatted is a circular JSON parser. Prior to version 3.4.2, the parse() function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with the key "__proto__" returns Array.prototype via the inherited getter. This object is then treated as a legitimate parsed value and assigned as a property of the output object, effectively leaking a live reference to Array.prototype to the consumer. Any code that subsequently writes to that property will pollute the global prototype. This issue has been patched in version 3.4.2.

Action-Not Available
Vendor-webreflection, WebReflection, Red Hat, Inc.
Product-flattedflattedRed Hat Developer Hub 1.8Red Hat Directory Server 13Red Hat build of Apicurio Registry 2Red Hat Build of KeycloakRed Hat Process Automation 7Red Hat Quay 3Red Hat Fuse 7Red Hat Directory Server 11Red Hat Directory Server 12Red Hat Enterprise Linux 10Multicluster Engine for KubernetesRed Hat JBoss Enterprise Application Platform Expansion PackRed Hat Advanced Cluster Management for Kubernetes 2Logging Subsystem for Red Hat OpenShiftRed Hat Enterprise Linux 9Red Hat Data Grid 8streams for Apache Kafka 3Red Hat Enterprise Linux 8Red Hat Build of Podman DesktopRed Hat 3scale API Management Platform 2Red Hat JBoss Enterprise Application Platform 7Cryostat 4streams for Apache Kafka 2Red Hat Developer Hub 1.9Cluster Observability Operator 1.5.0Red Hat Single Sign-On 7Red Hat AMQ Broker 7Red Hat JBoss Enterprise Application Platform 8Red Hat build of OptaPlanner 8Red Hat OpenShift AI (RHOAI)Red Hat OpenShift Container Platform 4
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE ID-CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
CVE-2026-33186
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-1.56% / 72.16%
7 Day CHG+1.03%
Published-20 Mar, 2026 | 22:23
Updated-03 Jul, 2026 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
gRPC-Go has an authorization bypass via missing leading slash in :path

gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, "deny" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback "allow" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`, and whose security policy contains specific "deny" rules for canonical paths but allows other requests by default (a fallback "allow" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: a validating interceptor (the recommended mitigation), infrastructure-level normalization, and/or policy hardening.

Action-Not Available
Vendor-grpc, Red Hat, Inc.
Product-grpcgrpc-goCryostat 4 on RHEL 9Red Hat OpenShift distributed tracing 3.9.3Red Hat Container Native Virtualization 4.20Red Hat Quay 3.16Multicluster Engine for KubernetesRed Hat OpenShift Service Mesh 3.3Deployment Validation OperatorRed Hat OpenShift Service Mesh 3.0Red Hat OpenShift Builds 1.6.5Red Hat OpenShift Service Mesh 2.6Multicluster Global Hub 1.5.4Red Hat 3scale API Management Platform 2Red Hat Build of Podman Desktop - Tech PreviewRed Hat OpenShift GitOpsRed Hat OpenShift Container Platform 4.12Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)Red Hat Quay 3.10Red Hat Web Terminal 1.15Migration Toolkit for VirtualizationRed Hat OpenShift Cluster Manager CLIRed Hat Trusted Profile AnalyzerRed Hat OpenStack Platform 18.0Red Hat OpenShift Container Platform 4.17Red Hat Container Native Virtualization 4.21Red Hat OpenShift Service Mesh 3.1Red Hat Advanced Cluster Security for Kubernetes 4.10Migration Toolkit for ContainersKube Descheduler OperatorRed Hat Advanced Cluster Management for Kubernetes 2Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8OpenShift Run Once Duration Override OperatorRed Hat Quay 3.14Migration Toolkit for Applications 8OpenShift Secondary Scheduler OperatorPower monitoring for Red Hat OpenShiftRed Hat OpenShift AI 2.25OpenShift Developer Tools and ServicesRed Hat OpenStack Platform 16.2Red Hat Web Terminal 1.14DevWorkspace Operator 0.4ExternalDNS OperatorRed Hat Advanced Cluster Management for Kubernetes 2.15Red Hat Enterprise Linux AppStream (v. 10)OpenShift PipelinesFile Integrity OperatorSecurity Profiles OperatorRed Hat Openshift Data Foundation 4.19Red Hat Advanced Cluster Management for Kubernetes 2.14Red Hat Trusted Artifact Signer 1.3Red Hat OpenShift Container Platform 4.13Red Hat Quay 3.15multicluster engine for Kubernetes 2.8Red Hat OpenShift Pipelines 1.2Red Hat AI Inference ServerSelf Node Remediation OperatorNetwork Observability (NETOBSERV) 1.11.2Red Hat OpenShift Container Platform 4.18Red Hat Satellite 6.16 for RHEL 8Red Hat Satellite 6.16 for RHEL 9Red Hat Quay 3.9Multicluster Global HubRed Hat Service Interconnect 1OpenShift API for Data Protection 1.4Storage-Based RemediationRed Hat OpenShift Dev Spaces 3.27Cryostat 4Red Hat OpenShift Virtualization 4Red Hat Advanced Cluster Security for Kubernetes 4.8Red Hat OpenShift Container Platform 4.16Red Hat CodeReady Linux Builder EUS (v.9.6)Red Hat OpenShift Container Platform 4Red Hat Developer Hub 1.8Red Hat Openshift Data Foundation 4Zero Trust Workload Identity Manager - Tech PreviewRed Hat Advanced Cluster Management for Kubernetes 2.16Red Hat Quay 3Machine Deletion Remediation OperatorRed Hat OpenShift GitOps 1.18Leader Worker SetService Telemetry Framework 1.5Red Hat OpenShift Container Platform 4.15Zero Trust Workload Identity ManagerRed Hat OpenShift Service Mesh 3.2Logging Subsystem for Red Hat OpenShift 6.4Red Hat Container Native Virtualization 4.18Red Hat Build of Podman DesktopExternal Secrets Operator for Red Hat OpenShiftcert-manager Operator for Red Hat OpenShiftKernel Module Management Operator for Red Hat Openshiftmulticluster engine for Kubernetes 2.10multicluster engine for Kubernetes 2.9Red Hat Enterprise Linux 7Red Hat Openshift Data Foundation 4.16Gatekeeper 3Red Hat Advanced Cluster Management for Kubernetes 2.13Red Hat Container Native Virtualization 4.19Red Hat Enterprise Linux 10Custom Metric Autoscaler operator for Red Hat OpenshiftRed Hat Enterprise Linux AppStream (v. 8)Red Hat OpenShift AI 3.3Red Hat OpenShift Dev Workspaces OperatorRed Hat Quay 3.17Red Hat Trusted Artifact SignerOpenShift Service Mesh 3Red Hat Ansible Automation Platform 2OpenShift ServerlessRed Hat Quay 3.12Red Hat Developer Hub 1.9OpenShift LightspeedRed Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Advanced Cluster Security for Kubernetes 4.9Red Hat OpenShift Container Platform 4.21multicluster engine for Kubernetes 2.11Red Hat Enterprise Linux AppStream EUS (v.9.6)OpenShift API for Data ProtectionRed Hat Build of KueueRed Hat Certification Program for Red Hat Enterprise Linux 9Builds for Red Hat OpenShiftRed Hat Openshift Data Foundation 4.2Red Hat Satellite 6OpenShift Compliance Operator 1Red Hat Openshift Data Foundation 4.18Red Hat Enterprise Linux AppStream (v. 9)Red Hat Lightspeed (formerly Insights) for Runtimes 1multicluster engine for Kubernetes 2.6Red Hat Web Terminal 1.13Red Hat OpenShift AI (RHOAI)Dynamic Accelerator Slicer Operator for Red Hat OpenShiftRed Hat OpenShift Pipelines 1.21Confidential Compute AttestationOpenShift Service Mesh 2Red Hat Edge Manager 1Multicluster Global Hub 1.3.4Multicluster Global Hub 1.6.2Logical Volume Manager StorageRed Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat OpenShift Container Platform 4.19Logging Subsystem for Red Hat OpenShiftRed Hat OpenShift Container Platform 4.14Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat OpenShift Builds 1.7.3OpenShift API for Data Protection 1.5Red Hat OpenShift GitOps 1.19Red Hat OpenShift for Windows ContainersJob Set Tech PreviewRed Hat OpenShift Container Platform 4.20Red Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat Connectivity Link 1Multicluster Global Hub 1.4.5
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-551
Incorrect Behavior Order: Authorization Before Parsing and Canonicalization