- Issued:
- 2026-05-05
- Updated:
- 2026-05-07
RHSA-2026:13826 - Security Advisory
Synopsis
Red Hat Developer Hub 1.9.4 release.
Type/Severity
Security Advisory: Critical
Topic
Red Hat Developer Hub 1.9.4 has been released.
Description
Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.
Solution
For more about Red Hat Developer Hub, see References links
Affected Products
- Red Hat Developer Hub
Fixes
- RHDHBUGS-2981 - Theme: Sidebar background color is inherited on the main page background
- RHDHBUGS-2970 - extraErrors Not Displayed for Deeply Nested Multi-Step Schemas
- RHDHBUGS-2967 - Enabling global header plugin overrides theme setting with unwanted outline/border styles
- RHDHBUGS-2935 - My Group menu Item has broken styling
- RHDHBUGS-2922 - RHDH upgrade to 1.9 fails if CRD status contains v1alpha1 or v1alpha2 as storedVersion
- RHDHBUGS-2920 - [Orchestrator] schemaUpdater replaces first matching section instead of the triggering section when multiple schemaUpdater blocks are defined
CVEs
- CVE-2025-62718
- CVE-2025-69534
- CVE-2026-1525
- CVE-2026-1526
- CVE-2026-1528
- CVE-2026-2229
- CVE-2026-27601
- CVE-2026-27904
- CVE-2026-29063
- CVE-2026-29074
- CVE-2026-29186
- CVE-2026-3118
- CVE-2026-32141
- CVE-2026-32280
- CVE-2026-32282
- CVE-2026-33228
- CVE-2026-33891
- CVE-2026-33894
- CVE-2026-33895
- CVE-2026-33896
- CVE-2026-39983
- CVE-2026-40175
- CVE-2026-40895
- CVE-2026-4800
- CVE-2026-4926
References
- https://access.redhat.com/security/updates/classification/
- https://catalog.redhat.com/search?gs&searchType=containers&q=rhdh
- https://developers.redhat.com/rhdh/overview
- https://docs.redhat.com/en/documentation/red_hat_developer_hub
- https://issues.redhat.com/browse/RHDHBUGS-2981
- https://issues.redhat.com/browse/RHDHBUGS-2970
- https://issues.redhat.com/browse/RHDHBUGS-2967
- https://issues.redhat.com/browse/RHDHBUGS-2935
- https://issues.redhat.com/browse/RHDHBUGS-2922
- https://issues.redhat.com/browse/RHDHBUGS-2920
amd64
| registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:80453720616cee369e9f79863ef1815a2741afdeb25d3572085d11ad54afa9a0 |
| registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:7118207df52574eb4eb9a6b35aa23eef8029937c2ace807b5e132bcc5188a972 |
| registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:47c3fc5bfb21e980f0fa6c510c48c97982649c7f27d9d486a19391c56c9531ff |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
