Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Lightspeed
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Lightspeed
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2026:36796 - Security Advisory
Issued:
2026-07-08
Updated:
2026-07-08

RHSA-2026:36796 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: Red Hat Edge Manager Version 1.0.3 Security Update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Red Hat Edge Manager Version 1.0.3 Security Update

Description

Red Hat Edge Manager (RHEM) provides simple, scalable, and security-focused
management of edge devices and applications. It supports image-mode RHEL and
container workloads that run on Podman/Docker or Kubernetes.

RHEM is now available as a standalone feature, providing greater flexibility for
edge deployments. In addition to the standalone version, RHEM continues to be
offered as a plugin for the following platforms:

Red Hat Advanced Cluster Management (RHACM): Extends fleet management to edge
devices.
Red Hat Ansible Automation Platform (AAP): Integrates edge management with
Ansible automation.

This integration enables organizations to optimize the management and
orchestration of their fleets of edge devices; whether its thousands of
dispersed retail point-of-sale systems or industrial machinery on remote factory
floors.

Value for customers and partners:

  • This solution not only helps customers manage thousands of devices but helps

scale operations.

  • To manage large-scale deployments, customers need to be able to integrate with

their existing management systems, support remote configuration and over-the-air
updates, and collect telemetry data for advanced analytics.

  • Red Hat Edge Manager offers a simple and security-focused lifecycle

management, from onboarding to decommissioning of edge devices.

This complete end-to-end solution empowers organizations to gain the most value
from the fleets of devices that generate data, all from a centralized location.

Security fixes:

  • golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate (CVE-2026-39835)
  • golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses (CVE-2026-39830)
  • golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters (CVE-2026-39829)
  • golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions (CVE-2026-39828)
  • golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation (CVE-2026-46595)
  • golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions (CVE-2026-39832)
  • golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey (CVE-2026-42508)
  • golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing (CVE-2026-39821)
  • Go net package: Denial of Service via long CNAME response in LookupCNAME (CVE-2026-33811)
  • Go crypto/x509: Denial of Service via inefficient certificate chain validation (CVE-2026-32281)
  • Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application (CVE-2026-33810)
  • Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)
  • Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)
  • Go crypto/x509: Incorrect enforcement of email constraints (CVE-2026-27137)
  • Go net/url: Incorrect parsing of IPv6 host literals (CVE-2026-25679)
  • golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)
  • github.com/jackc/pgx: Memory-safety vulnerability (CVE-2026-33815)
  • github.com/jackc/pgx: Memory-safety vulnerability (CVE-2026-33816)
  • gRPC-Go: Authorization bypass due to improper HTTP/2 path validation (CVE-2026-33186)
  • Prometheus: Information disclosure of Azure OAuth client secret via config API (CVE-2026-42151)
  • Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint (CVE-2026-42154)
  • Root.Chmod can follow symlinks out of the root (CVE-2026-32282)
  • Kubelet, CRI-O, kube-apiserver: Denial of Service via SPDY streaming code (CVE-2026-35469)

Solution

See the following documentation for details on how to enable Red Hat Edge Manager and more: https://docs.redhat.com/en/documentation/red_hat_edge_manager/1.0

Affected Products

  • Red Hat Edge Manager 1.0 x86_64
  • Red Hat Edge Manager 1.0 s390x
  • Red Hat Edge Manager 1.0 ppc64le
  • Red Hat Edge Manager 1.0 aarch64

Fixes

  • BZ - 2418462 - CVE-2025-61729 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
  • BZ - 2445345 - CVE-2026-27137 crypto/x509: Incorrect enforcement of email constraints in crypto/x509
  • BZ - 2445356 - CVE-2026-25679 net/url: Incorrect parsing of IPv6 host literals in net/url
  • BZ - 2449833 - CVE-2026-33186 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation
  • BZ - 2455972 - CVE-2026-33816 github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability
  • BZ - 2455975 - CVE-2026-33815 github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability
  • BZ - 2456333 - CVE-2026-32281 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation
  • BZ - 2456335 - CVE-2026-33810 crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application
  • BZ - 2456336 - CVE-2026-32282 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root
  • BZ - 2456338 - CVE-2026-32283 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages
  • BZ - 2456339 - CVE-2026-32280 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building
  • BZ - 2457729 - CVE-2026-35469 Kubelet: CRI-O: kube-apiserver: Kubelet, CRI-O, kube-apiserver: Denial of Service via SPDY streaming code
  • BZ - 2466505 - CVE-2026-42154 github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint
  • BZ - 2466507 - CVE-2026-42151 github.com/prometheus/prometheus: Prometheus: Information disclosure of Azure OAuth client secret via config API
  • BZ - 2467822 - CVE-2026-33811 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME
  • BZ - 2480680 - CVE-2026-39835 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate
  • BZ - 2480681 - CVE-2026-39829 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters
  • BZ - 2480684 - CVE-2026-39830 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses
  • BZ - 2480685 - CVE-2026-39832 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions
  • BZ - 2480687 - CVE-2026-39828 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions
  • BZ - 2480688 - CVE-2026-42508 golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey
  • BZ - 2480689 - CVE-2026-46595 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation
  • BZ - 2480756 - CVE-2026-39821 golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

CVEs

  • CVE-2025-61729
  • CVE-2026-25679
  • CVE-2026-27137
  • CVE-2026-32280
  • CVE-2026-32281
  • CVE-2026-32282
  • CVE-2026-32283
  • CVE-2026-33186
  • CVE-2026-33810
  • CVE-2026-33811
  • CVE-2026-33815
  • CVE-2026-33816
  • CVE-2026-35469
  • CVE-2026-39821
  • CVE-2026-39828
  • CVE-2026-39829
  • CVE-2026-39830
  • CVE-2026-39832
  • CVE-2026-39835
  • CVE-2026-42151
  • CVE-2026-42154
  • CVE-2026-42508
  • CVE-2026-46595

References

  • https://access.redhat.com/security/updates/classification/#important
  • https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/managing_device_fleets_with_the_red_hat_edge_manager/assembly-edge-manager-intro
  • https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.15/html-single/edge_manager/index#edge-mgr-intro
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Edge Manager 1.0

SRPM
flightctl-1.0.3-1.el9em.src.rpm SHA-256: 0ddb44e9a966bce0f801b14ab67cea76b79e73e75838681bddfbdc6f1a6d0489
x86_64
flightctl-agent-1.0.3-1.el9em.x86_64.rpm SHA-256: dbb774df07158ffdccc82cdb46bf20ce216b6af0c06261489e9644bc442d6cab
flightctl-cli-1.0.3-1.el9em.x86_64.rpm SHA-256: a10b4bafa50ea7beefe23465364122153a45fe2ff3acbf125cb4f417bdede08d
flightctl-observability-1.0.3-1.el9em.x86_64.rpm SHA-256: 2ca941fbe5f5f03e458fb6628e59ef1ebceb6341eca39b2ebaae94e28f50cbc6
flightctl-selinux-1.0.3-1.el9em.noarch.rpm SHA-256: 6b9ece14a0089a94f060e97c575ad276914ed12a6494521fac9a70fb7621c8c3
flightctl-services-1.0.3-1.el9em.x86_64.rpm SHA-256: 21e4f301f9abe2eb6c3b6fbc25294b032e1fc46cfe7ade4a3f8b1d03d24cbfe2
flightctl-telemetry-gateway-1.0.3-1.el9em.x86_64.rpm SHA-256: 891c6f1049f3c9f52796df6dbe0043f9d73a750b032b7a119ef24494d7b0f861
s390x
flightctl-agent-1.0.3-1.el9em.s390x.rpm SHA-256: bf2a266aea42fc10a3294686c63ab2c6fee8f8b971aaa5e2f130f7d4080c8665
flightctl-cli-1.0.3-1.el9em.s390x.rpm SHA-256: dbd7d649b244fb4a6357e39e2dc6805e88c36a0ded9205df2ffb4cc52fb5bccf
flightctl-observability-1.0.3-1.el9em.s390x.rpm SHA-256: 80187748adffb6c54da342a4bc4af243c9e7d66bcf6971381fd1e0334754ed95
flightctl-selinux-1.0.3-1.el9em.noarch.rpm SHA-256: 6b9ece14a0089a94f060e97c575ad276914ed12a6494521fac9a70fb7621c8c3
flightctl-services-1.0.3-1.el9em.s390x.rpm SHA-256: dd64ad9b280b77f3386b9bc246e0d2710299c7dcdb32975bb091e736801d2d67
flightctl-telemetry-gateway-1.0.3-1.el9em.s390x.rpm SHA-256: 8320ad15d7a1c76409ecf64ae03df51c8fd80af22f6b16dc03226892b52c99b9
ppc64le
flightctl-agent-1.0.3-1.el9em.ppc64le.rpm SHA-256: 56658844a533cb10a6fc5a5f4c2a4553b7185b8110277725fa679925d4ac670d
flightctl-cli-1.0.3-1.el9em.ppc64le.rpm SHA-256: 4d346bc3c1c0c8c227515c60e51ead1c56db4f420195f4d58c05547fff06c9cf
flightctl-observability-1.0.3-1.el9em.ppc64le.rpm SHA-256: 1256a6ed1d2c5a26dd8fc5699b048dbedde5cdd4884cda4844f181c67271edf2
flightctl-selinux-1.0.3-1.el9em.noarch.rpm SHA-256: 6b9ece14a0089a94f060e97c575ad276914ed12a6494521fac9a70fb7621c8c3
flightctl-services-1.0.3-1.el9em.ppc64le.rpm SHA-256: 512c9da4888213e45d31580554ce1189c813f5e913033de9ad6a97c3e6d8bf0b
flightctl-telemetry-gateway-1.0.3-1.el9em.ppc64le.rpm SHA-256: f79510d0324bdaafdb0f293a78873c26737c309c81c22012a0114684aecb9947
aarch64
flightctl-agent-1.0.3-1.el9em.aarch64.rpm SHA-256: 251ea5a059bec1562c4f28113349b19a62ba5be0610e8f0140297e6a4214b9fc
flightctl-cli-1.0.3-1.el9em.aarch64.rpm SHA-256: ad01f12e95e5a30941a603b734da24b1b193e523dc32d1b4eeaf950df7cb5d7c
flightctl-observability-1.0.3-1.el9em.aarch64.rpm SHA-256: bcc2b7495484f6e522fc260cfabbe829a764fcd04c63960fa2b4438e29457f4d
flightctl-selinux-1.0.3-1.el9em.noarch.rpm SHA-256: 6b9ece14a0089a94f060e97c575ad276914ed12a6494521fac9a70fb7621c8c3
flightctl-services-1.0.3-1.el9em.aarch64.rpm SHA-256: 84577e0a53a6a3fd5c56efde6a8e55373d730b0585f55987941a7829ef2c085b
flightctl-telemetry-gateway-1.0.3-1.el9em.aarch64.rpm SHA-256: 8b795f115cf0a383c206a7e1423c5d6b635749515c5246f35e71e51b9e4ccc67

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2026 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility