RHSA-2026:8151 - Security Advisory

Topic

Submariner v0.22 General Availability release images, which provide enhancements, security fixes, and updated container images.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.
Red Hat Advanced Cluster Management for Kubernetes v2.15

Description

Submariner is a Kubernetes operator that enables cross-cluster connectivity for services and pods, implementing KEP-1645 (Multi-Cluster Services API). After deploying the Submariner operator, it can enable direct networking between pods and services across different Kubernetes clusters.

For more information about Submariner, see the Submariner open source community website at: https://submariner.io/.

Solution

For release note details, see the upstream Submariner release notes:

https://submariner.io/community/releases/

Downstream-specific issues resolved:

• ACM-28330
• ACM-28332
• ACM-28334
• ACM-28336
• ACM-28338
• ACM-28340
• ACM-28343
• ACM-29328
• ACM-29512
• ACM-29661
• ACM-29662
• ACM-29681
• ACM-29682
• ACM-29683
• ACM-29684
• ACM-29777
• ACM-29801
• ACM-30135
• ACM-30730
• ACM-30731
• ACM-31135
• ACM-31137
• ACM-31861
• ACM-31872
• ACM-31874
• ACM-23783
• ACM-24731
• ACM-24797
• ACM-25518
• ACM-26321
• ACM-26965
• ACM-27273
• ACM-28917
• ACM-30321
• ACM-30640
• ACM-30970
• ACM-8640

For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:

https://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/

Fixes

• ACM-23783 - Submariner Gateway: Add support for IPv6 VxLAN tunnels.
• ACM-24797 - Connection status between two clusters goes from Connected to Connecting from both directions
• ACM-25518 - Update the Submariner documentation to include OVN Ipsec Support.
• ACM-26321 - Cannot create new LoadBalancer Service types on AWS after installing Submariner
• ACM-26965 - Following submariner migration to nftables, orphaned iptables rules are not being deleted.
• ACM-27273 - Not able to build submariner components for IBM Power and Z
• ACM-30321 - "subctl cloud prepare aws" creates machine that will not be provisioned as node
• ACM-30640 - Submariner does not establish connections in AWS
• ACM-30970 - Add in prequsites section : Avoid port 4500 for openstack
• ACM-8640 - Submariner: add Nftables support

CVEs

• CVE-2025-61726
• CVE-2025-61728
• CVE-2025-61729
• CVE-2025-68121
• CVE-2025-68151
• CVE-2026-21441
• CVE-2026-25679
• CVE-2026-26017
• CVE-2026-26018
• CVE-2026-27137
• CVE-2026-33186

References

• https://access.redhat.com/security/updates/classification/