{ "threat_severity" : "Important", "public_date" : "2026-03-06T21:28:13Z", "bugzilla" : { "description" : "crypto/x509: Incorrect enforcement of email constraints in crypto/x509", "id" : "2445345", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2445345" }, "cvss3" : { "cvss3_base_score" : "7.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-295", "details" : [ "When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.", "A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2026-04-23T00:00:00Z", "advisory" : "RHSA-2026:10169", "cpe" : "cpe:/o:redhat:enterprise_linux:10.1", "package" : "rhc-worker-playbook-0:0.2.3-4.el10_1" }, { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2026-04-20T00:00:00Z", "advisory" : "RHSA-2026:8842", "cpe" : "cpe:/o:redhat:enterprise_linux:10.1", "package" : "delve-0:1.25.2-3.el10_1" }, { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2026-05-19T00:00:00Z", "advisory" : "RHSA-2026:19022", "cpe" : "cpe:/o:redhat:enterprise_linux:10.2", "package" : "golang-0:1.26.2-2.el10_2" }, { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2026-05-19T00:00:00Z", "advisory" : "RHSA-2026:19049", "cpe" : "cpe:/o:redhat:enterprise_linux:10.2", "package" : "golang-github-openprinting-ipp-usb-0:0.9.27-6.el10_2" }, { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2026-05-19T00:00:00Z", "advisory" : "RHSA-2026:19132", "cpe" : "cpe:/o:redhat:enterprise_linux:10.2", "package" : "rhc-worker-playbook-0:0.2.7-3.el10_2" }, { "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support", "release_date" : "2026-04-27T00:00:00Z", "advisory" : "RHSA-2026:10929", "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0", "package" : "rhc-worker-playbook-0:0.2.3-4.el10_0" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-05-19T00:00:00Z", "advisory" : "RHSA-2026:19181", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "golang-0:1.26.2-1.el9_8" }, { "product_name" : "DevWorkspace Operator 0.4", "release_date" : "2026-04-22T00:00:00Z", "advisory" : "RHSA-2026:9872", "cpe" : "cpe:/a:redhat:devworkspace:0.40::el9", "package" : "devworkspace/devworkspace-rhel9-operator:1776457293" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift 6.2", "release_date" : "2026-04-29T00:00:00Z", "advisory" : "RHSA-2026:11800", "cpe" : "cpe:/a:redhat:logging:6.2::el9", "package" : "openshift-logging/eventrouter-rhel9:1776800087" }, { "product_name" : "Multicluster Global Hub 1.5.4", "release_date" : "2026-05-28T00:00:00Z", "advisory" : "RHSA-2026:21769", "cpe" : "cpe:/a:redhat:multicluster_globalhub:1.5::el9", "package" : "multicluster-globalhub/multicluster-globalhub-agent-rhel9:1779828691" }, { "product_name" : "Multicluster Global Hub 1.5.4", "release_date" : "2026-03-19T00:00:00Z", "advisory" : "RHSA-2026:5110", "cpe" : "cpe:/a:redhat:multicluster_globalhub:1.5::el9", "package" : "multicluster-globalhub/multicluster-globalhub-agent-rhel9:1773650627" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.15", "release_date" : "2026-04-14T00:00:00Z", "advisory" : "RHSA-2026:8151", "cpe" : "cpe:/a:redhat:acm:2.15::el9", "package" : "rhacm2/subctl-rhel9:1774085848" }, { "product_name" : "Red Hat Ansible Automation Platform 2.6", "release_date" : "2026-05-04T00:00:00Z", "advisory" : "RHSA-2026:13545", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.6::el9", "package" : "ansible-automation-platform-26/receptor-rhel9:1777391542" }, { "product_name" : "Red Hat Hardened Images", "release_date" : "2026-04-09T00:00:00Z", "advisory" : "RHSA-2026:7291", "cpe" : "cpe:/a:redhat:hummingbird:1", "package" : "golang1-26-main-1.26.2-1.hum1" }, { "product_name" : "Red Hat Lightspeed (formerly Insights) for Runtimes 1.0", "release_date" : "2026-04-20T00:00:00Z", "advisory" : "RHSA-2026:9052", "cpe" : "cpe:/a:redhat:lightspeed_for_runtimes:1.0::el9", "package" : "rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator:1.0.2-1776288486" }, { "product_name" : "Red Hat OpenShift AI 2.25", "release_date" : "2026-04-23T00:00:00Z", "advisory" : "RHSA-2026:10184", "cpe" : "cpe:/a:redhat:openshift_ai:2.25::el9", "package" : "rhoai/odh-rhel9-operator:1776773362" }, { "product_name" : "Red Hat OpenShift Builds 1.6.5", "release_date" : "2026-03-24T00:00:00Z", "advisory" : "RHSA-2026:5549", "cpe" : "cpe:/a:redhat:openshift_builds:1.6::el9", "package" : "openshift-builds/openshift-builds-waiters-rhel9:1774334066" }, { "product_name" : "Red Hat OpenShift Builds 1.7.2", "release_date" : "2026-04-23T00:00:00Z", "advisory" : "RHSA-2026:10158", "cpe" : "cpe:/a:redhat:openshift_builds:1.7::el9", "package" : "openshift-builds/openshift-builds-waiters-rhel9:1776846936" }, { "product_name" : "Red Hat OpenShift Builds 1.7.2", "release_date" : "2026-04-28T00:00:00Z", "advisory" : "RHSA-2026:11331", "cpe" : "cpe:/a:redhat:openshift_builds:1.7::el9", "package" : "openshift-builds/openshift-builds-waiters-rhel9:1776846936" }, { "product_name" : "Red Hat OpenShift Dev Spaces 3.27", "release_date" : "2026-04-23T00:00:00Z", "advisory" : "RHSA-2026:10175", "cpe" : "cpe:/a:redhat:openshift_devspaces:3.27::el9", "package" : "devspaces/udi-rhel9:1776789889" }, { "product_name" : "Red Hat OpenShift distributed tracing 3.9.3", "release_date" : "2026-04-21T00:00:00Z", "advisory" : "RHSA-2026:9385", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3.9::el9", "package" : "rhosdt/tempo-rhel9:1776435680" }, { "product_name" : "Red Hat OpenShift GitOps 1.18", "release_date" : "2026-04-22T00:00:00Z", "advisory" : "RHSA-2026:9697", "cpe" : "cpe:/a:redhat:openshift_gitops:1.18::el8", "package" : "openshift-gitops-1/dex-rhel8:1776755965" }, { "product_name" : "Red Hat OpenShift GitOps 1.19", "release_date" : "2026-04-22T00:00:00Z", "advisory" : "RHSA-2026:9698", "cpe" : "cpe:/a:redhat:openshift_gitops:1.19::el8", "package" : "openshift-gitops-1/dex-rhel8:1776767162" }, { "product_name" : "Red Hat OpenShift GitOps 1.2", "release_date" : "2026-04-22T00:00:00Z", "advisory" : "RHSA-2026:9699", "cpe" : "cpe:/a:redhat:openshift_gitops:1.20::el9", "package" : "openshift-gitops-1/dex-rhel9:1776773421" }, { "product_name" : "Red Hat Quay 3.16", "release_date" : "2026-05-19T00:00:00Z", "advisory" : "RHSA-2026:19375", "cpe" : "cpe:/a:redhat:quay:3.16::el9", "package" : "quay/quay-rhel9:1779204086" }, { "product_name" : "Red Hat Satellite 6.18", "release_date" : "2026-05-07T00:00:00Z", "advisory" : "RHSA-2026:14879", "cpe" : "cpe:/a:redhat:satellite:6.18::el9", "package" : "satellite/iop-vmaas-rhel9:1778082595" }, { "product_name" : "Red Hat Trusted Artifact Signer 1.3", "release_date" : "2026-04-23T00:00:00Z", "advisory" : "RHSA-2026:10125", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1.3::el9", "package" : "rhtas/client-server-rhel9:1776339099" }, { "product_name" : "Red Hat Web Terminal 1.11", "release_date" : "2026-04-23T00:00:00Z", "advisory" : "RHSA-2026:10250", "cpe" : "cpe:/a:redhat:webterminal:1.11::el9", "package" : "web-terminal/web-terminal-exec-rhel9:1776966691" }, { "product_name" : "Red Hat Web Terminal 1.12", "release_date" : "2026-04-23T00:00:00Z", "advisory" : "RHSA-2026:10225", "cpe" : "cpe:/a:redhat:webterminal:1.12::el9", "package" : "web-terminal/web-terminal-exec-rhel9:1776959849" }, { "product_name" : "Red Hat Web Terminal 1.13", "release_date" : "2026-04-15T00:00:00Z", "advisory" : "RHSA-2026:8338", "cpe" : "cpe:/a:redhat:webterminal:1.13::el9", "package" : "web-terminal/web-terminal-exec-rhel9:1776197785" }, { "product_name" : "Red Hat Web Terminal 1.14", "release_date" : "2026-04-15T00:00:00Z", "advisory" : "RHSA-2026:8337", "cpe" : "cpe:/a:redhat:webterminal:1.14::el9", "package" : "web-terminal/web-terminal-exec-rhel9:1776199398" }, { "product_name" : "Red Hat Web Terminal 1.15", "release_date" : "2026-04-14T00:00:00Z", "advisory" : "RHSA-2026:8167", "cpe" : "cpe:/a:redhat:webterminal:1.15::el9", "package" : "web-terminal/web-terminal-exec-rhel9:1775672762" } ], "package_state" : [ { "product_name" : "Assisted Installer for Red Hat OpenShift Container Platform 2", "fix_state" : "Affected", "package_name" : "rhai/assisted-installer-rhel9", "cpe" : "cpe:/a:redhat:assisted_installer:2" }, { "product_name" : "cert-manager Operator for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "cert-manager/jetstack-cert-manager-rhel9", "cpe" : "cpe:/a:redhat:cert_manager:1" }, { "product_name" : "Compliance Operator", "fix_state" : "Not affected", "package_name" : "compliance/openshift-compliance-operator-bundle", "cpe" : "cpe:/a:redhat:openshift_compliance_operator:1" }, { "product_name" : "Confidential Compute Attestation", "fix_state" : "Affected", "package_name" : "build-of-trustee/trustee-rhel9-operator", "cpe" : "cpe:/a:redhat:confidential_compute_attestation:1" }, { "product_name" : "Confidential Compute Attestation", "fix_state" : "Affected", "package_name" : "openshift-sandboxed-containers/osc-monitor-rhel9", "cpe" : "cpe:/a:redhat:confidential_compute_attestation:1" }, { "product_name" : "Cryostat 4", "fix_state" : "Not affected", "package_name" : "cryostat/cryostat-storage-rhel9", "cpe" : "cpe:/a:redhat:cryostat:4" }, { "product_name" : "Custom Metric Autoscaler operator for Red Hat Openshift", "fix_state" : "Not affected", "package_name" : "custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9", "cpe" : "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2" }, { "product_name" : "Deployment Validation Operator", "fix_state" : "Affected", "package_name" : "dvo/deployment-validation-rhel8-operator", "cpe" : "cpe:/a:redhat:deployment_validator_operator" }, { "product_name" : "ExternalDNS Operator", "fix_state" : "Affected", "package_name" : "edo/external-dns-rhel8", "cpe" : "cpe:/a:redhat:ext_dns_optr:1" }, { "product_name" : "ExternalDNS Operator", "fix_state" : "Affected", "package_name" : "edo/external-dns-rhel9", "cpe" : "cpe:/a:redhat:ext_dns_optr:1" }, { "product_name" : "External Secrets Operator for Red Hat OpenShift", "fix_state" : "Affected", "package_name" : "external-secrets-operator/external-secrets-rhel9", "cpe" : "cpe:/a:redhat:external_secrets_operator:1" }, { "product_name" : "Fence Agents Remediation Operator", "fix_state" : "Affected", "package_name" : "workload-availability/fence-agents-remediation-rhel8-operator", "cpe" : "cpe:/a:redhat:workload_availability_far:0" }, { "product_name" : "File Integrity Operator", "fix_state" : "Not affected", "package_name" : "compliance/openshift-compliance-operator-bundle", "cpe" : "cpe:/a:redhat:openshift_file_integrity_operator:1" }, { "product_name" : "Gatekeeper 3", "fix_state" : "Affected", "package_name" : "gatekeeper/gatekeeper-rhel9-operator", "cpe" : "cpe:/a:redhat:gatekeeper:3" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Will not fix", "package_name" : "openshift-logging/eventrouter-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Will not fix", "package_name" : "openshift-logging/logging-loki-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logical Volume Manager Storage", "fix_state" : "Affected", "package_name" : "lvms4/lvms-rhel9-operator", "cpe" : "cpe:/a:redhat:lvms:4" }, { "product_name" : "Logical Volume Manager Storage", "fix_state" : "Affected", "package_name" : "lvms4/topolvm-rhel8", "cpe" : "cpe:/a:redhat:lvms:4" }, { "product_name" : "Logical Volume Manager Storage", "fix_state" : "Affected", "package_name" : "lvms4/topolvm-rhel9", "cpe" : "cpe:/a:redhat:lvms:4" }, { "product_name" : "Machine Deletion Remediation Operator", "fix_state" : "Not affected", "package_name" : "workload-availability/machine-deletion-remediation-rhel8-operator", "cpe" : "cpe:/a:redhat:workload_availability_mdr:0" }, { "product_name" : "Migration Toolkit for Applications 8", "fix_state" : "Affected", "package_name" : "mta/mta-cli-rhel9", "cpe" : "cpe:/a:redhat:migration_toolkit_applications:8" }, { "product_name" : "Migration Toolkit for Containers", "fix_state" : "Affected", "package_name" : "rhmtc/openshift-migration-registry-rhel8", "cpe" : "cpe:/a:redhat:rhmt:1" }, { "product_name" : "mirror registry for Red Hat OpenShift", "fix_state" : "Affected", "package_name" : "openshift/mirror-registry-rhel8", "cpe" : "cpe:/a:redhat:mirror_registry:1" }, { "product_name" : "mirror registry for Red Hat OpenShift 2", "fix_state" : "Not affected", "package_name" : "openshift/mirror-registry-rhel8", "cpe" : "cpe:/a:redhat:mirror_registry:2" }, { "product_name" : "Multicluster Engine for Kubernetes", "fix_state" : "Not affected", "package_name" : "multicluster-engine/discovery-rhel9", "cpe" : "cpe:/a:redhat:multicluster_engine" }, { "product_name" : "Network Observability Operator", "fix_state" : "Not affected", "package_name" : "network-observability/network-observability-cli-rhel9", "cpe" : "cpe:/a:redhat:network_observ_optr:1" }, { "product_name" : "Node HealthCheck Operator", "fix_state" : "Affected", "package_name" : "workload-availability/node-healthcheck-rhel8-operator", "cpe" : "cpe:/a:redhat:workload_availability_nhc:0" }, { "product_name" : "OpenShift API for Data Protection", "fix_state" : "Affected", "package_name" : "oadp/oadp-velero-rhel9", "cpe" : "cpe:/a:redhat:openshift_api_data_protection:1" }, { "product_name" : "OpenShift Developer Tools and Services", "fix_state" : "Affected", "package_name" : "helm", "cpe" : "cpe:/a:redhat:ocp_tools" }, { "product_name" : "OpenShift Developer Tools and Services", "fix_state" : "Affected", "package_name" : "ocp-tools-4/jenkins-agent-base-rhel9", "cpe" : "cpe:/a:redhat:ocp_tools" }, { "product_name" : "OpenShift Developer Tools and Services", "fix_state" : "Affected", "package_name" : "ocp-tools-4/jenkins-rhel8", "cpe" : "cpe:/a:redhat:ocp_tools" }, { "product_name" : "OpenShift Lightspeed", "fix_state" : "Affected", "package_name" : "openshift-lightspeed/lightspeed-rhel9-operator", "cpe" : "cpe:/a:redhat:openshift_lightspeed" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Affected", "package_name" : "openshift-pipelines-client", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Not affected", "package_name" : "kn-workflow-plugin", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Affected", "package_name" : "openshift-serverless-1/kn-plugin-event-sender-rhel9", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Affected", "package_name" : "openshift-serverless-clients", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "OpenShift Service Mesh 2", "fix_state" : "Not affected", "package_name" : "openshift-golang-builder-container", "cpe" : "cpe:/a:redhat:service_mesh:2" }, { "product_name" : "OpenShift Service Mesh 2", "fix_state" : "Not affected", "package_name" : "openshift-service-mesh/kiali-rhel8", "cpe" : "cpe:/a:redhat:service_mesh:2" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Not affected", "package_name" : "openshift-golang-builder-container", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Not affected", "package_name" : "openshift-service-mesh/kiali-rhel9", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "Power monitoring for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "openshift-power-monitoring/kepler-rhel9", "cpe" : "cpe:/a:redhat:openshift_power_monitoring" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Will not fix", "package_name" : "3scale-amp2/3scale-rhel7-operator", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Affected", "package_name" : "3scale-amp2/3scale-rhel9-operator", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Will not fix", "package_name" : "3scale-amp26/3scale-operator", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Will not fix", "package_name" : "3scale-amp26/operator", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-main-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform/platform-operator-bundle", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "automation-gateway-proxy", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "automation-gateway-proxy-openssl30", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "automation-gateway-proxy-openssl32", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "python3.11-galaxy-ng", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "python3.11-grpcio", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "python3.12-galaxy-ng", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "python3.12-grpcio", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "python3x-grpcio", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "python-grpcio", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "receptor", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat build of Apache Camel - HawtIO 4", "fix_state" : "Will not fix", "package_name" : "hawtio-operator-container", "cpe" : "cpe:/a:redhat:apache_camel_hawtio:4" }, { "product_name" : "Red Hat Certification Program for Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "redhat-certification-preflight", "cpe" : "cpe:/a:redhat:certifications:9" }, { "product_name" : "Red Hat Connectivity Link 1", "fix_state" : "Affected", "package_name" : "rhcl-1/coredns-rhel9", "cpe" : "cpe:/a:redhat:connectivity_link:1" }, { "product_name" : "Red Hat Developer Hub", "fix_state" : "Will not fix", "package_name" : "rhdh/rhdh-rhel9-operator", "cpe" : "cpe:/a:redhat:rhdh:1" }, { "product_name" : "Red Hat Edge Manager 1", "fix_state" : "Affected", "package_name" : "flightctl", "cpe" : "cpe:/a:redhat:edge_manager:1" }, { "product_name" : "Red Hat Edge Manager 1", "fix_state" : "Not affected", "package_name" : "rhem/flightctl-ui-rhel9", "cpe" : "cpe:/a:redhat:edge_manager:1" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "buildah", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Will not fix", "package_name" : "butane", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "conmon", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "git-lfs", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "go-fdo-client", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "go-fdo-server", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "grafana", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "grafana-pcp", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "gvisor-tap-vsock", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Will not fix", "package_name" : "ignition", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "image-builder", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Will not fix", "package_name" : "opentelemetry-collector", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "osbuild-composer", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "podman", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "rhc", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "rhel10/bootc-image-builder", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "skopeo", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "toolbox", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "trustee", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "trustee-guest-components", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "yggdrasil", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "host-metering", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "rhc", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Affected", "package_name" : "rhc-worker-script", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "container-tools:rhel8/buildah", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "container-tools:rhel8/conmon", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "container-tools:rhel8/containernetworking-plugins", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "container-tools:rhel8/podman", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "container-tools:rhel8/runc", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "container-tools:rhel8/skopeo", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "container-tools:rhel8/toolbox", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "git-lfs", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "go-toolset:rhel8/golang", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "grafana", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "grafana-pcp", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "osbuild-composer", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "rhc", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Will not fix", "package_name" : "weldr-client", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "buildah", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Will not fix", "package_name" : "butane", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "conmon", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "containernetworking-plugins", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "git-lfs", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "grafana", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "grafana-pcp", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "gvisor-tap-vsock", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Will not fix", "package_name" : "ignition", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "image-builder", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Will not fix", "package_name" : "opentelemetry-collector", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "osbuild-composer", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "podman", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "rhc", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "rhel9/bootc-image-builder", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "runc", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "skopeo", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "toolbox", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "trustee-guest-components", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Will not fix", "package_name" : "weldr-client", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3", "fix_state" : "Affected", "package_name" : "golang", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-cli-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-rhel8-operator", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift Cluster Manager CLI", "fix_state" : "Affected", "package_name" : "ocm-cli-clients/ocm-cli-rhel9", "cpe" : "cpe:/a:redhat:openshift_cluster_manager_cli:1" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "butane", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "conmon", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "conmon-rs", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "containernetworking-plugins", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "cri-o", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "cri-tools", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "golang-github-prometheus-promu", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "ignition", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "kata-containers", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "microshift", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/frr-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/frr-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/ose-sdn-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift-clients", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift-golang-builder-container", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift-kuryr", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "ose-aws-ecr-image-credential-provider", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "ose-azure-acr-image-credential-provider", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "ose-gcp-gcr-image-credential-provider", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "podman", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "runc", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "skopeo", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat Openshift Data Foundation 4", "fix_state" : "Affected", "package_name" : "odf4/cephcsi-rhel9", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4" }, { "product_name" : "Red Hat OpenShift for Windows Containers", "fix_state" : "Not affected", "package_name" : "openshift4-wincw/windows-machine-config-rhel9-operator", "cpe" : "cpe:/a:redhat:windows_machine_config" }, { "product_name" : "Red Hat OpenShift on AWS", "fix_state" : "Affected", "package_name" : "rosa", "cpe" : "cpe:/a:redhat:openshift_service_on_aws:1" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Not affected", "package_name" : "container-native-virtualization/virt-api", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Not affected", "package_name" : "container-native-virtualization/virt-api-rhel9", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Not affected", "package_name" : "kubevirt", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Not affected", "package_name" : "openshift-golang-builder-container", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "fix_state" : "Affected", "package_name" : "etcd", "cpe" : "cpe:/a:redhat:openstack:16.2" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "fix_state" : "Affected", "package_name" : "golang-github-infrawatch-apputils", "cpe" : "cpe:/a:redhat:openstack:16.2" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "fix_state" : "Not affected", "package_name" : "rhosp-rhel8/osp-director-agent", "cpe" : "cpe:/a:redhat:openstack:16.2" }, { "product_name" : "Red Hat OpenStack Platform 17.1", "fix_state" : "Not affected", "package_name" : "collectd-libpod-stats", "cpe" : "cpe:/a:redhat:openstack:17.1" }, { "product_name" : "Red Hat OpenStack Platform 17.1", "fix_state" : "Not affected", "package_name" : "etcd", "cpe" : "cpe:/a:redhat:openstack:17.1" }, { "product_name" : "Red Hat OpenStack Platform 17.1", "fix_state" : "Affected", "package_name" : "golang-github-infrawatch-apputils", "cpe" : "cpe:/a:redhat:openstack:17.1" }, { "product_name" : "Red Hat OpenStack Platform 17.1", "fix_state" : "Not affected", "package_name" : "rhosp-rhel9/osp-director-agent", "cpe" : "cpe:/a:redhat:openstack:17.1" }, { "product_name" : "Red Hat OpenStack Platform 18.0", "fix_state" : "Affected", "package_name" : "golang-github-openstack-k8s-operators-os-diff", "cpe" : "cpe:/a:redhat:openstack:18.0" }, { "product_name" : "Red Hat OpenStack Platform 18.0", "fix_state" : "Affected", "package_name" : "rhoso-operators/sg-core-rhel9", "cpe" : "cpe:/a:redhat:openstack:18.0" }, { "product_name" : "Red Hat Quay 3", "fix_state" : "Not affected", "package_name" : "quay/quay-builder-rhel8", "cpe" : "cpe:/a:redhat:quay:3" }, { "product_name" : "Red Hat Quay 3", "fix_state" : "Will not fix", "package_name" : "quay/quay-rhel8", "cpe" : "cpe:/a:redhat:quay:3" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Not affected", "package_name" : "satellite:el8/yggdrasil-worker-forwarder", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Affected", "package_name" : "yggdrasil-worker-forwarder", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Service Interconnect 1", "fix_state" : "Affected", "package_name" : "skupper-cli", "cpe" : "cpe:/a:redhat:service_interconnect:1" }, { "product_name" : "Red Hat Service Interconnect 2", "fix_state" : "Affected", "package_name" : "skupper-cli", "cpe" : "cpe:/a:redhat:service_interconnect:2" }, { "product_name" : "Security Profiles Operator", "fix_state" : "Not affected", "package_name" : "compliance/openshift-selinuxd-rhel8", "cpe" : "cpe:/a:redhat:openshift_security_profiles_operator:1" }, { "product_name" : "Service Telemetry Framework 1.5", "fix_state" : "Not affected", "package_name" : "stf/sg-core-rhel9", "cpe" : "cpe:/a:redhat:stf:1.5" }, { "product_name" : "streams for Apache Kafka 3", "fix_state" : "Affected", "package_name" : "golang-github-danielqsj-kafka_exporter", "cpe" : "cpe:/a:redhat:amq_streams:3" }, { "product_name" : "Zero Trust Workload Identity Manager", "fix_state" : "Affected", "package_name" : "zero-trust-workload-identity-manager/spiffe-csi-driver-rhel9", "cpe" : "cpe:/a:redhat:zero_trust_workload_identity_manager:1" }, { "product_name" : "Zero Trust Workload Identity Manager - Tech Preview", "fix_state" : "Will not fix", "package_name" : "zero-trust-workload-identity-manager/spiffe-spire-agent-rhel9", "cpe" : "cpe:/a:redhat:zero_trust_workload_identity_manager:0" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-27137\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-27137\nhttps://go.dev/cl/752182\nhttps://go.dev/issue/77952\nhttps://groups.google.com/g/golang-announce/c/EdhZqrQ98hk\nhttps://pkg.go.dev/vuln/GO-2026-4599" ], "name" : "CVE-2026-27137", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }