Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Red Hat OpenShift GitOps 1.20

Source -

ADP

CNA CVEs -

0

ADP CVEs -

4

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
4Vulnerabilities found

CVE-2026-39821
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-9.6||CRITICAL
EPSS-0.48% / 38.18%
||
7 Day CHG~0.00%
Published-22 May, 2026 | 15:01
Updated-17 Jul, 2026 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject "example.com" but permit "xn--example-.com". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name "example.com".

Action-Not Available
Vendor-golang.org/x/netRed Hat, Inc.Go
Product-netgolang.org/x/net/idnaZero Trust Workload Identity Manager - Tech PreviewMachine Deletion Remediation OperatorRed Hat Connectivity Link 1Multiarch Tuning OperatorRed Hat Developer HubRed Hat Enterprise Linux AI 3.4Red Hat Quay 3.16Multicluster Engine for KubernetesRed Hat OpenShift Service Mesh 3.3Deployment Validation OperatorZero Trust Workload Identity ManagerRed Hat OpenShift Service Mesh 3.2Logging Subsystem for Red Hat OpenShift 6.4Red Hat Openshift Data Foundation 4.22Red Hat Web TerminalRed Hat OpenShift Service Mesh 2.6Red Hat OpenShift Container Platform 4.22streams for Apache Kafka 3Red Hat OpenShift Builds 1.8.1Red Hat 3scale API Management Platform 2DevWorkspace Operator 0.42Red Hat Quay 3.10External Secrets Operator for Red Hat OpenShiftRed Hat OpenShift on AWScert-manager Operator for Red Hat OpenShiftNetwork Observability Operatormulticluster engine for Kubernetes 2.9Red Hat OpenShift Cluster Manager CLIRHEM 1.1 for RHEL 9Red Hat Enterprise Linux 7Red Hat OpenStack Platform 18.0Red Hat OpenShift Service Mesh 3.1Red Hat Advanced Cluster Security for Kubernetes 4.10Gatekeeper 3Red Hat Advanced Cluster Management for Kubernetes 2.13Migration Toolkit for ContainersRed Hat Advanced Cluster Security for Kubernetes 4.11Red Hat Enterprise Linux 10Red Hat Advanced Cluster Management for Kubernetes 2Node HealthCheck OperatorRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Ansible Automation Platform 2Red Hat OpenShift GitOps 1.20OpenShift ServerlessCompliance OperatorRed Hat Ceph Storage 9Migration Toolkit for Applications 8OpenShift LightspeedRHEM 1.0 for RHEL 9Power monitoring for Red Hat OpenShiftRed Hat OpenShift Dev Spaces 3.29Red Hat Service Interconnect 2OpenShift Developer Tools and ServicesRed Hat OpenStack Platform 16.2Red Hat Advanced Cluster Security for Kubernetes 4.9Red Hat OpenShift Builds 1.7.4Red Hat Ceph Storage 5OpenShift API for Data ProtectionOpenShift PipelinesFile Integrity OperatorSecurity Profiles OperatorRed Hat Certification Program for Red Hat Enterprise Linux 9RHEM 1.1 for RHEL 10Red Hat Satellite 6Red Hat Ceph Storage 8Cluster Observability Operator 1.5.0Red Hat Edge Manager 1.1multicluster engine for Kubernetes 2.6Red Hat OpenShift AI (RHOAI)Confidential Compute Attestationmulticluster engine for Kubernetes 2.8Logical Volume Manager StorageFence Agents Remediation OperatorMulticluster Global Hub 1.4.5Red Hat Quay 3.9Red Hat Lightspeed for Runtimes OperatorRed Hat Trusted Artifact Signer 1.4Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat Service Interconnect 1Red Hat OpenShift Service Mesh 3Cryostat 4Red Hat OpenShift Virtualization 4Red Hat OpenShift GitOps 1.19Red Hat OpenShift for Windows ContainersRed Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat Ceph Storage 6Red Hat Edge Manager 1.0Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-1289
Improper Validation of Unsafe Equivalence in Input
CVE-2026-42880
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-9.6||CRITICAL
EPSS-0.51% / 39.84%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 22:20
Updated-15 Jul, 2026 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allows an attacker with read-only access to extract plaintext Kubernetes Secret data from etcd via the Kubernetes API server's Server-Side Apply dry-run mechanism. This issue has been patched in versions 3.2.11 and 3.3.9.

Action-Not Available
Vendor-argoprojargoprojRed Hat, Inc.
Product-argo_cdargo-cdRed Hat OpenShift GitOps 1.20Red Hat Openshift Data Foundation 4Red Hat OpenShift GitOps 1.19Red Hat OpenShift GitOps
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-201
Insertion of Sensitive Information Into Sent Data
CWE ID-CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
CVE-2026-33811
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.81% / 52.92%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 19:41
Updated-17 Jul, 2026 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Crash when handling long CNAME response in net

When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.

Action-Not Available
Vendor-Go standard libraryRed Hat, Inc.Go
Product-gonetRed Hat OpenShift GitOps 1.21Red Hat build of Apicurio Registry 2Red Hat Openshift Data Foundation 4Zero Trust Workload Identity Manager - Tech PreviewRed Hat Quay 3Machine Deletion Remediation OperatorService Telemetry Framework 1.5mirror registry for Red Hat OpenShift 2Multiarch Tuning OperatorRed Hat Connectivity Link 1Multicluster Engine for KubernetesRed Hat OpenShift Service Mesh 3.3Deployment Validation OperatorZero Trust Workload Identity ManagerRed Hat OpenShift Service Mesh 3.2Logging Subsystem for Red Hat OpenShift 6.4Red Hat Web Terminalstreams for Apache Kafka 3Red Hat 3scale API Management Platform 2External Secrets Operator for Red Hat OpenShiftRed Hat OpenShift on AWScert-manager Operator for Red Hat OpenShiftNetwork Observability OperatorRed Hat OpenShift Cluster Manager CLIRHEM 1.1 for RHEL 9Red Hat Enterprise Linux 7Red Hat OpenStack Platform 18.0Red Hat OpenShift Service Mesh 3.1Red Hat Advanced Cluster Security for Kubernetes 4.10Gatekeeper 3Migration Toolkit for ContainersRed Hat Advanced Cluster Security for Kubernetes 4.11Red Hat Enterprise Linux 10Red Hat OpenShift Dev Workspaces OperatorRed Hat Advanced Cluster Management for Kubernetes 2Node HealthCheck OperatorRed Hat Enterprise Linux 9Red Hat OpenShift distributed tracing 3OpenShift Service Mesh 3Red Hat Enterprise Linux 8Red Hat Ansible Automation Platform 2Red Hat OpenShift GitOps 1.20OpenShift ServerlessRed Hat Ceph Storage 9Compliance OperatorOpenShift Source-to-Image (S2I)Migration Toolkit for Applications 8Red Hat Developer Hub 1.9OpenShift LightspeedRHEM 1.0 for RHEL 9Red Hat Edge Manager 1.0Power monitoring for Red Hat OpenShiftRed Hat Service Interconnect 2OpenShift Developer Tools and ServicesRed Hat OpenStack Platform 16.2Red Hat Advanced Cluster Security for Kubernetes 4.9Red Hat OpenShift Builds 1.7.4Red Hat Ceph Storage 5OpenShift API for Data ProtectionOpenShift PipelinesFile Integrity OperatorSecurity Profiles OperatorRed Hat Certification Program for Red Hat Enterprise Linux 9RHEM 1.1 for RHEL 10Red Hat Satellite 6Red Hat Edge Manager 1.1multicluster engine for Kubernetes 2.6Red Hat OpenShift AI (RHOAI)Confidential Compute Attestationmirror registry for Red Hat OpenShiftOpenShift Service Mesh 2Red Hat OpenShift Dev SpacesRed Hat AMQ ClientsLogical Volume Manager StorageFence Agents Remediation OperatorMulticluster Global Hub 1.4.5Logging Subsystem for Red Hat OpenShiftRed Hat Lightspeed for Runtimes OperatorRed Hat Trusted Artifact Signer 1.4Red Hat Enterprise Linux AI (RHEL AI) 3Multicluster Global HubRed Hat Service Interconnect 1Red Hat OpenShift Service Mesh 3Cryostat 4Red Hat OpenShift Virtualization 4Red Hat OpenShift GitOps 1.19Red Hat OpenShift for Windows ContainersRed Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat OpenStack Services on OpenShift 18.0Red Hat Ceph Storage 6Custom Metric Autoscaler operator for Red Hat OpenshiftRed Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-1341
Multiple Releases of Same Resource or Handle
CWE ID-CWE-415
Double Free
CVE-2026-27137
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.61% / 45.05%
||
7 Day CHG~0.00%
Published-06 Mar, 2026 | 21:28
Updated-17 Jul, 2026 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect enforcement of email constraints in crypto/x509

When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.

Action-Not Available
Vendor-Go standard libraryRed Hat, Inc.Go
Product-gocrypto/x509Red Hat Openshift Data Foundation 4Zero Trust Workload Identity Manager - Tech PreviewRed Hat Quay 3Red Hat OpenShift distributed tracing 3.9.3Machine Deletion Remediation OperatorRed Hat OpenShift GitOps 1.18mirror registry for Red Hat OpenShift 2Service Telemetry Framework 1.5Red Hat Developer HubRed Hat Connectivity Link 1Red Hat Quay 3.16Multicluster Engine for KubernetesDeployment Validation OperatorZero Trust Workload Identity ManagerLogging Subsystem for Red Hat OpenShift 6.4Red Hat OpenShift Builds 1.6.5Logging Subsystem for Red Hat OpenShift 6.0streams for Apache Kafka 3Multicluster Global Hub 1.5.4Red Hat 3scale API Management Platform 2External Secrets Operator for Red Hat OpenShiftRed Hat OpenShift on AWSRed Hat Web Terminal 1.15Network Observability Operatorcert-manager Operator for Red Hat OpenShiftRed Hat OpenShift Cluster Manager CLIRHEM 1.1 for RHEL 9Red Hat Enterprise Linux 7Red Hat OpenStack Platform 18.0Gatekeeper 3Migration Toolkit for ContainersRed Hat Enterprise Linux 10Node HealthCheck OperatorRed Hat Enterprise Linux 9OpenShift Service Mesh 3Red Hat Enterprise Linux 8Red Hat Ansible Automation Platform 2Red Hat build of Apache Camel - HawtIO 4Red Hat OpenShift GitOps 1.20Logging Subsystem for Red Hat OpenShift 6.2Compliance OperatorRed Hat Advanced Cluster Security 4OpenShift ServerlessMigration Toolkit for Applications 8OpenShift LightspeedRHEM 1.0 for RHEL 9Power monitoring for Red Hat OpenShiftRed Hat Ansible Automation Platform 2.6Red Hat OpenShift AI 2.25Red Hat Service Interconnect 2Red Hat OpenStack Platform 17.1 for RHEL 9OpenShift Developer Tools and ServicesRed Hat OpenStack Platform 16.2Red Hat Web Terminal 1.14Red Hat OpenShift Builds 1.7.4DevWorkspace Operator 0.4ExternalDNS OperatorRed Hat Advanced Cluster Management for Kubernetes 2.15Red Hat Satellite 6.18OpenShift PipelinesFile Integrity OperatorSecurity Profiles OperatorRed Hat Certification Program for Red Hat Enterprise Linux 9Red Hat Web Terminal 1.11Red Hat Trusted Artifact Signer 1.3RHEM 1.1 for RHEL 10Red Hat Satellite 6Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Lightspeed (formerly Insights) for Runtimes 1Red Hat Web Terminal 1.13Red Hat OpenShift AI (RHOAI)Confidential Compute Attestationmirror registry for Red Hat OpenShiftOpenShift Service Mesh 2Red Hat Edge Manager 1Multicluster Global Hub 1.3.4Multicluster Global Hub 1.6.2Logical Volume Manager StorageRed Hat Web Terminal 1.12Fence Agents Remediation OperatorMulticluster Global Hub 1.4.5Logging Subsystem for Red Hat OpenShiftRed Hat Enterprise Linux AI (RHEL AI) 3Red Hat Service Interconnect 1Red Hat Enterprise Linux 9.6 Extended Update SupportOpenShift API for Data Protection 1.4Red Hat OpenShift Dev Spaces 3.27Cryostat 4Red Hat OpenShift Virtualization 4OpenShift API for Data Protection 1.5Red Hat OpenShift GitOps 1.19Red Hat OpenShift for Windows ContainersRed Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat OpenStack Services on OpenShift 18.0Custom Metric Autoscaler operator for Red Hat OpenshiftRed Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-295
Improper Certificate Validation