Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Red Hat Lightspeed for Runtimes Operator

Source -

ADP

CNA CVEs -

0

ADP CVEs -

7

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
7Vulnerabilities found

CVE-2026-54513
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-0.68% / 47.75%
||
7 Day CHG+0.08%
Published-23 Jun, 2026 | 20:53
Updated-03 Jul, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
jackson-databind: Array subtype allowlist bypass in BasicPolymorphicTypeValidator (allowIfSubTypeIsArray)

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, BasicPolymorphicTypeValidator.Builder.allowIfSubTypeIsArray() allowlists any array type based only on clazz.isArray(), without validating the array's component (element) type against the configured allowlist. A PTV built with allowIfSubTypeIsArray() plus an explicit concrete-type allowlist therefore still permits EvilType[] even though EvilType is not allowlisted. When Jackson deserializes the elements and no per-element type IDs are present, it instantiates the component type directly with no further PTV check, bypassing the allowlist. This vulnerability is fixed in 2.18.8, 2.21.4, and 3.1.4.

Action-Not Available
Vendor-Red Hat, Inc.FasterXML, LLC.
Product-jackson-databindjackson-databindOpenShift Developer Tools and ServicesRed Hat OpenShift Dev SpacesRed Hat Build of KeycloakRed Hat Certificate System 10Red Hat AMQ ClientsRed Hat AI Inference ServerRed Hat AMQ Broker 7Red Hat Enterprise Linux 10Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat build of Apicurio Registry 3Red Hat Lightspeed for Runtimes OperatorRed Hat Enterprise Linux AI (RHEL AI) 3Red Hat build of Apache Camel for Spring Boot 4Red Hat Enterprise Linux 9Red Hat Data Grid 8streams for Apache Kafka 3Red Hat build of Debezium 3Red Hat Enterprise Linux 8Red Hat Ansible Automation Platform 2Red Hat build of Apache Camel - HawtIO 4Red Hat JBoss Enterprise Application Platform 7Red Hat Satellite 6Cryostat 4streams for Apache Kafka 2OpenShift ServerlessRed Hat build of Apache Camel 4 for Quarkus 3Red Hat Single Sign-On 7Red Hat Offline Knowledge PortalRed Hat JBoss Enterprise Application Platform 8Red Hat build of QuarkusRed Hat OpenShift AI (RHOAI)
CWE ID-CWE-184
Incomplete List of Disallowed Inputs
CVE-2026-27145
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-6.5||MEDIUM
EPSS-0.76% / 50.87%
||
7 Day CHG+0.20%
Published-02 Jun, 2026 | 22:01
Updated-03 Jul, 2026 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient candidate hostname parsing in crypto/x509

(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occurred even for untrusted certificates.

Action-Not Available
Vendor-Go standard libraryRed Hat, Inc.
Product-crypto/x509Zero Trust Workload Identity Manager - Tech PreviewRed Hat Openshift Data Foundation 4Red Hat Quay 3Machine Deletion Remediation OperatorService Telemetry Framework 1.5mirror registry for Red Hat OpenShift 2Multiarch Tuning OperatorMulticluster Engine for KubernetesRed Hat Ceph Storage 7Deployment Validation OperatorZero Trust Workload Identity ManagerRed Hat Web Terminalstreams for Apache Kafka 3Red Hat 3scale API Management Platform 2Red Hat OpenShift GitOpsExternal Secrets Operator for Red Hat OpenShiftRed Hat OpenShift on AWScert-manager Operator for Red Hat OpenShiftNetwork Observability OperatorRed Hat OpenShift Cluster Manager CLIRed Hat Enterprise Linux 7Red Hat OpenStack Platform 18.0Gatekeeper 3Custom Metric Autoscaler operator for Red Hat OpenshiftMigration Toolkit for ContainersRed Hat Enterprise Linux 10Red Hat OpenShift Dev Workspaces OperatorRed Hat Advanced Cluster Management for Kubernetes 2Node HealthCheck OperatorRed Hat Enterprise Linux 9Red Hat OpenShift distributed tracing 3OpenShift Service Mesh 3Red Hat Trusted Artifact SignerRed Hat Enterprise Linux 8Red Hat Ansible Automation Platform 2OpenShift ServerlessRed Hat Ceph Storage 9Compliance OperatorOpenShift Source-to-Image (S2I)Migration Toolkit for Applications 8Red Hat Advanced Cluster Security 4Red Hat Developer Hub 1.9OpenShift LightspeedPower monitoring for Red Hat OpenShiftRed Hat Service Interconnect 2Red Hat OpenStack Platform 16.2OpenShift Developer Tools and ServicesRed Hat Ceph Storage 5Red Hat Enterprise Linux AppStream (v. 10)OpenShift API for Data ProtectionOpenShift PipelinesFile Integrity OperatorSecurity Profiles OperatorBuilds for Red Hat OpenShiftRed Hat Satellite 6streams for Apache Kafka 2Red Hat Ceph Storage 8Red Hat Enterprise Linux AppStream (v. 9)Red Hat OpenShift AI (RHOAI)Confidential Compute AttestationRed Hat Edge Manager 1OpenShift Service Mesh 2Red Hat OpenShift Dev SpacesLogical Volume Manager StorageFence Agents Remediation OperatorLogging Subsystem for Red Hat OpenShiftRed Hat Lightspeed for Runtimes OperatorRed Hat Enterprise Linux AI (RHEL AI) 3Multicluster Global HubCryostat 4Red Hat OpenShift Virtualization 4Red Hat OpenShift for Windows ContainersRed Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat Ceph Storage 6Red Hat Connectivity Link 1Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-606
Unchecked Input for Loop Condition
CVE-2026-39821
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-9.6||CRITICAL
EPSS-0.48% / 37.81%
||
7 Day CHG+0.13%
Published-22 May, 2026 | 15:01
Updated-02 Jul, 2026 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject "example.com" but permit "xn--example-.com". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name "example.com".

Action-Not Available
Vendor-golang.org/x/netRed Hat, Inc.Go
Product-netgolang.org/x/net/idnaZero Trust Workload Identity Manager - Tech PreviewRed Hat Openshift Data Foundation 4Red Hat Quay 3Machine Deletion Remediation OperatorMultiarch Tuning OperatorRed Hat Developer HubRed Hat Enterprise Linux AI 3.4Multicluster Engine for KubernetesRed Hat OpenShift Service Mesh 3.3Deployment Validation OperatorRed Hat OpenShift Service Mesh 3.0Zero Trust Workload Identity ManagerRed Hat OpenShift Service Mesh 3.2Logging Subsystem for Red Hat OpenShift 6.4Red Hat Web TerminalRed Hat OpenShift Service Mesh 2.6streams for Apache Kafka 3Red Hat 3scale API Management Platform 2Red Hat OpenShift GitOpsExternal Secrets Operator for Red Hat OpenShiftRed Hat OpenShift on AWScert-manager Operator for Red Hat OpenShiftNetwork Observability OperatorRed Hat OpenShift Cluster Manager CLIRed Hat Enterprise Linux 7Red Hat OpenStack Platform 18.0Red Hat OpenShift Service Mesh 3.1Red Hat Advanced Cluster Security for Kubernetes 4.10Gatekeeper 3Red Hat Advanced Cluster Management for Kubernetes 2.13Migration Toolkit for ContainersRed Hat Enterprise Linux 10Red Hat Enterprise Linux AppStream (v. 8)Red Hat OpenShift Dev Workspaces OperatorRed Hat Advanced Cluster Management for Kubernetes 2Node HealthCheck OperatorRed Hat Enterprise Linux 9Red Hat Trusted Artifact SignerRed Hat Enterprise Linux 8Red Hat Ansible Automation Platform 2OpenShift ServerlessCompliance OperatorRed Hat Ceph Storage 9Migration Toolkit for Applications 8OpenShift LightspeedPower monitoring for Red Hat OpenShiftRed Hat Service Interconnect 2OpenShift Developer Tools and ServicesRed Hat OpenStack Platform 16.2Red Hat Advanced Cluster Security for Kubernetes 4.9Red Hat Ceph Storage 5Red Hat Enterprise Linux AppStream (v. 10)OpenShift API for Data ProtectionOpenShift PipelinesSecurity Profiles OperatorFile Integrity OperatorRed Hat Certification Program for Red Hat Enterprise Linux 9Builds for Red Hat OpenShiftRed Hat Satellite 6Red Hat Ceph Storage 8Red Hat Enterprise Linux AppStream (v. 9)Cluster Observability Operator 1.5.0Red Hat OpenShift AI (RHOAI)Confidential Compute Attestationmulticluster engine for Kubernetes 2.8Red Hat Edge Manager 1Red Hat OpenShift Dev SpacesLogical Volume Manager StorageFence Agents Remediation OperatorRed Hat Lightspeed for Runtimes OperatorMulticluster Global HubRed Hat Service Interconnect 1Cryostat 4Red Hat OpenShift Virtualization 4Red Hat OpenShift for Windows ContainersRed Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat Ceph Storage 6Red Hat Connectivity Link 1Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-1289
Improper Validation of Unsafe Equivalence in Input
CVE-2026-39820
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.76% / 50.57%
||
7 Day CHG+0.27%
Published-07 May, 2026 | 19:41
Updated-03 Jul, 2026 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Quadratic string concatentation in consumeComment in net/mail

Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.

Action-Not Available
Vendor-Go standard libraryRed Hat, Inc.Go
Product-gonet/mailRed Hat Openshift Data Foundation 4Zero Trust Workload Identity Manager - Tech PreviewRed Hat Quay 3Multiarch Tuning OperatorMulticluster Engine for KubernetesRed Hat OpenShift Service Mesh 3.3Zero Trust Workload Identity ManagerRed Hat OpenShift Service Mesh 3.0Red Hat OpenShift Service Mesh 3.2Logging Subsystem for Red Hat OpenShift 6.4Red Hat OpenShift GitOpsExternal Secrets Operator for Red Hat OpenShiftcert-manager Operator for Red Hat OpenShiftNetwork Observability OperatorRed Hat OpenShift Cluster Manager CLIRed Hat OpenStack Platform 18.0Red Hat OpenShift Service Mesh 3.1Gatekeeper 3Migration Toolkit for ContainersRed Hat Enterprise Linux 10Red Hat OpenShift Dev Workspaces OperatorRed Hat Advanced Cluster Management for Kubernetes 2Red Hat Enterprise Linux 9Red Hat OpenShift distributed tracing 3OpenShift Service Mesh 3Red Hat Trusted Artifact SignerRed Hat Enterprise Linux 8Red Hat Ansible Automation Platform 2OpenShift ServerlessRed Hat Advanced Cluster Security 4Red Hat Ceph Storage 9Red Hat Developer Hub 1.9Migration Toolkit for Applications 8OpenShift LightspeedPower monitoring for Red Hat OpenShiftRed Hat Service Interconnect 2OpenShift Developer Tools and ServicesRed Hat OpenStack Platform 16.2Red Hat Ceph Storage 5OpenShift API for Data ProtectionOpenShift PipelinesFile Integrity OperatorSecurity Profiles OperatorRed Hat Certification Program for Red Hat Enterprise Linux 9Red Hat Satellite 6Red Hat OpenShift AI (RHOAI)Confidential Compute AttestationOpenShift Service Mesh 2Red Hat Edge Manager 1Red Hat OpenShift Dev SpacesLogical Volume Manager StorageRed Hat Lightspeed for Runtimes OperatorRed Hat Enterprise Linux AI (RHEL AI) 3Multicluster Global HubRed Hat Service Interconnect 1Cryostat 4Red Hat OpenShift Virtualization 4Red Hat OpenShift for Windows ContainersRed Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat Ceph Storage 6Custom Metric Autoscaler operator for Red Hat OpenshiftRed Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-606
Unchecked Input for Loop Condition
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-33811
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.81% / 52.50%
||
7 Day CHG+0.23%
Published-07 May, 2026 | 19:41
Updated-03 Jul, 2026 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Crash when handling long CNAME response in net

When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.

Action-Not Available
Vendor-Go standard libraryRed Hat, Inc.Go
Product-gonetRed Hat build of Apicurio Registry 2Red Hat Openshift Data Foundation 4Zero Trust Workload Identity Manager - Tech PreviewRed Hat Quay 3Machine Deletion Remediation OperatorService Telemetry Framework 1.5mirror registry for Red Hat OpenShift 2Multiarch Tuning OperatorRed Hat Connectivity Link 1Multicluster Engine for KubernetesRed Hat OpenShift Service Mesh 3.3Deployment Validation OperatorRed Hat OpenShift Service Mesh 3.0Zero Trust Workload Identity ManagerRed Hat OpenShift Service Mesh 3.2Logging Subsystem for Red Hat OpenShift 6.4Red Hat Web Terminalstreams for Apache Kafka 3Red Hat 3scale API Management Platform 2Red Hat OpenShift GitOpsExternal Secrets Operator for Red Hat OpenShiftRed Hat OpenShift on AWScert-manager Operator for Red Hat OpenShiftNetwork Observability OperatorRed Hat OpenShift Cluster Manager CLIRed Hat Enterprise Linux 7Red Hat OpenStack Platform 18.0Red Hat OpenShift Service Mesh 3.1Gatekeeper 3Migration Toolkit for ContainersRed Hat Enterprise Linux 10Red Hat OpenShift Dev Workspaces OperatorRed Hat Advanced Cluster Management for Kubernetes 2Node HealthCheck OperatorRed Hat Enterprise Linux 9Red Hat OpenShift distributed tracing 3Red Hat Trusted Artifact SignerOpenShift Service Mesh 3Red Hat Enterprise Linux 8Red Hat Ansible Automation Platform 2OpenShift ServerlessCompliance OperatorRed Hat Ceph Storage 9OpenShift Source-to-Image (S2I)Migration Toolkit for Applications 8Red Hat Advanced Cluster Security 4Red Hat Developer Hub 1.9OpenShift LightspeedPower monitoring for Red Hat OpenShiftRed Hat Service Interconnect 2OpenShift Developer Tools and ServicesRed Hat OpenStack Platform 16.2Red Hat Ceph Storage 5Red Hat Enterprise Linux AppStream (v. 10)OpenShift API for Data ProtectionOpenShift PipelinesFile Integrity OperatorSecurity Profiles OperatorRed Hat Certification Program for Red Hat Enterprise Linux 9Builds for Red Hat OpenShiftRed Hat Satellite 6Red Hat Enterprise Linux AppStream (v. 9)Red Hat OpenShift AI (RHOAI)Confidential Compute Attestationmirror registry for Red Hat OpenShiftRed Hat Edge Manager 1OpenShift Service Mesh 2Red Hat OpenShift Dev SpacesRed Hat AMQ ClientsLogical Volume Manager StorageFence Agents Remediation OperatorLogging Subsystem for Red Hat OpenShiftRed Hat Lightspeed for Runtimes OperatorRed Hat Enterprise Linux AI (RHEL AI) 3Multicluster Global HubRed Hat Service Interconnect 1Cryostat 4Red Hat OpenShift Virtualization 4Red Hat OpenShift for Windows ContainersRed Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat Ceph Storage 6Custom Metric Autoscaler operator for Red Hat OpenshiftRed Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-1341
Multiple Releases of Same Resource or Handle
CWE ID-CWE-415
Double Free
CVE-2026-42499
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.77% / 51.04%
||
7 Day CHG+0.19%
Published-07 May, 2026 | 19:41
Updated-03 Jul, 2026 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Quadratic string concatenation in consumePhrase in net/mail

Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.

Action-Not Available
Vendor-Go standard libraryRed Hat, Inc.Go
Product-gonet/mailRed Hat Openshift Data Foundation 4Zero Trust Workload Identity Manager - Tech PreviewRed Hat Quay 3Multiarch Tuning OperatorMulticluster Engine for KubernetesRed Hat OpenShift Service Mesh 3.3Zero Trust Workload Identity ManagerRed Hat OpenShift Service Mesh 3.0Red Hat OpenShift Service Mesh 3.2Logging Subsystem for Red Hat OpenShift 6.4Red Hat OpenShift GitOpsExternal Secrets Operator for Red Hat OpenShiftcert-manager Operator for Red Hat OpenShiftNetwork Observability OperatorRed Hat OpenShift Cluster Manager CLIRed Hat OpenStack Platform 18.0Red Hat OpenShift Service Mesh 3.1Gatekeeper 3Migration Toolkit for ContainersRed Hat Enterprise Linux 10Red Hat OpenShift Dev Workspaces OperatorRed Hat Advanced Cluster Management for Kubernetes 2Red Hat Enterprise Linux 9Red Hat OpenShift distributed tracing 3OpenShift Service Mesh 3Red Hat Trusted Artifact SignerRed Hat Enterprise Linux 8Red Hat Ansible Automation Platform 2OpenShift ServerlessRed Hat Advanced Cluster Security 4Red Hat Ceph Storage 9Red Hat Developer Hub 1.9Migration Toolkit for Applications 8OpenShift LightspeedPower monitoring for Red Hat OpenShiftRed Hat Service Interconnect 2OpenShift Developer Tools and ServicesRed Hat OpenStack Platform 16.2Red Hat Ceph Storage 5OpenShift API for Data ProtectionOpenShift PipelinesFile Integrity OperatorSecurity Profiles OperatorRed Hat Certification Program for Red Hat Enterprise Linux 9Red Hat Satellite 6Red Hat OpenShift AI (RHOAI)Confidential Compute AttestationOpenShift Service Mesh 2Red Hat Edge Manager 1Red Hat OpenShift Dev SpacesLogical Volume Manager StorageRed Hat Lightspeed for Runtimes OperatorRed Hat Enterprise Linux AI (RHEL AI) 3Multicluster Global HubRed Hat Service Interconnect 1Cryostat 4Red Hat OpenShift Virtualization 4Red Hat OpenShift for Windows ContainersRed Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat Ceph Storage 6Custom Metric Autoscaler operator for Red Hat OpenshiftRed Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-1046
Creation of Immutable Text Using String Concatenation
CVE-2026-40542
Assigner-Apache Software Foundation
ShareView Details
Assigner-Apache Software Foundation
CVSS Score-7.3||HIGH
EPSS-0.46% / 36.41%
||
7 Day CHG-0.11%
Published-22 Apr, 2026 | 07:07
Updated-30 Jun, 2026 | 03:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache HttpClient: SCRAM-SHA-256 mutual authentication bypass may cause the client to accept authentication without proper mutual authentication verification

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue.

Action-Not Available
Vendor-The Apache Software FoundationRed Hat, Inc.
Product-httpclientApache HttpClientRed Hat OpenShift AI (RHOAI)Red Hat build of QuarkusRed Hat AMQ Broker 7Red Hat Enterprise Linux 10Cryostat 4streams for Apache Kafka 2Red Hat AMQ ClientsRed Hat build of Apicurio Registry 3Red Hat Single Sign-On 7Red Hat build of Apache Camel 4 for Quarkus 3Red Hat JBoss Web Server 6Red Hat Process Automation 7Red Hat Lightspeed for Runtimes OperatorRed Hat Satellite 6OpenShift Developer Tools and ServicesRed Hat JBoss Enterprise Application Platform Expansion PackMigration Toolkit for Applications 8Red Hat build of Apache Camel - HawtIO 4Red Hat Certificate System 10Red Hat build of Apicurio Registry 2Red Hat Data Grid 8Red Hat JBoss Enterprise Application Platform 7Red Hat build of Debezium 3Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat JBoss Core ServicesRed Hat build of Apache Camel for Spring Boot 4Red Hat Fuse 7Red Hat build of OptaPlanner 8Red Hat JBoss Web Server 5Red Hat Offline Knowledge Portalstreams for Apache Kafka 3Red Hat OpenShift Dev SpacesRed Hat Enterprise Linux 8Red Hat JBoss Enterprise Application Platform 8OpenShift Serverless
CWE ID-CWE-304
Missing Critical Step in Authentication
CWE ID-CWE-325
Missing Cryptographic Step