{ "threat_severity" : "Moderate", "public_date" : "2026-04-08T01:06:58Z", "bugzilla" : { "description" : "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", "id" : "2456333", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2456333" }, "cvss3" : { "cvss3_base_score" : "5.9", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-1050", "details" : [ "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", "A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation." ], "statement" : "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2026-05-19T00:00:00Z", "advisory" : "RHSA-2026:19135", "cpe" : "cpe:/o:redhat:enterprise_linux:10.2", "package" : "opentelemetry-collector-0:0.144.0-2.el10_2" }, { "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support", "release_date" : "2026-05-20T00:00:00Z", "advisory" : "RHSA-2026:19719", "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0", "package" : "opentelemetry-collector-0:0.144.0-2.el10_0" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-05-19T00:00:00Z", "advisory" : "RHSA-2026:19353", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "opentelemetry-collector-0:0.144.0-2.el9_8" }, { "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date" : "2026-05-20T00:00:00Z", "advisory" : "RHSA-2026:19721", "cpe" : "cpe:/a:redhat:rhel_eus:9.4", "package" : "opentelemetry-collector-0:0.144.0-2.el9_4" }, { "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support", "release_date" : "2026-05-20T00:00:00Z", "advisory" : "RHSA-2026:19720", "cpe" : "cpe:/a:redhat:rhel_eus:9.6", "package" : "opentelemetry-collector-0:0.144.0-2.el9_6" }, { "product_name" : "Red Hat Hardened Images", "release_date" : "2026-04-09T00:00:00Z", "advisory" : "RHSA-2026:7291", "cpe" : "cpe:/a:redhat:hummingbird:1", "package" : "golang1-26-main-1.26.2-1.hum1" }, { "product_name" : "Red Hat Hardened Images", "release_date" : "2026-04-10T00:00:00Z", "advisory" : "RHSA-2026:7385", "cpe" : "cpe:/a:redhat:hummingbird:1", "package" : "golang1-25-main-1.25.9-1.hum1" } ], "package_state" : [ { "product_name" : "Assisted Installer for Red Hat OpenShift Container Platform 2", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/appliance", "cpe" : "cpe:/a:redhat:assisted_installer:2" }, { "product_name" : "Builds for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "redhat-user-workloads/openshift-builds-waiter-1-6", "cpe" : "cpe:/a:redhat:openshift_builds:1" }, { "product_name" : "Builds for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "redhat-user-workloads/openshift-builds-waiter-1-7", "cpe" : "cpe:/a:redhat:openshift_builds:1" }, { "product_name" : "cert-manager Operator for Red Hat OpenShift", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/jetstack-cert-manager-1-17", "cpe" : "cpe:/a:redhat:cert_manager:1" }, { "product_name" : "cert-manager Operator for Red Hat OpenShift", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/jetstack-cert-manager-1-18", "cpe" : "cpe:/a:redhat:cert_manager:1" }, { "product_name" : "Compliance Operator", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/compliance-operator-bundle-release", "cpe" : "cpe:/a:redhat:openshift_compliance_operator:1" }, { "product_name" : "Confidential Compute Attestation", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/osc-caa", "cpe" : "cpe:/a:redhat:confidential_compute_attestation:1" }, { "product_name" : "Confidential Compute Attestation", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/trustee-operator", "cpe" : "cpe:/a:redhat:confidential_compute_attestation:1" }, { "product_name" : "Cryostat 4", "fix_state" : "Affected", "package_name" : "cryostat/cryostat-storage-rhel9", "cpe" : "cpe:/a:redhat:cryostat:4" }, { "product_name" : "Custom Metric Autoscaler operator for Red Hat Openshift", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/keda-adapter", "cpe" : "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2" }, { "product_name" : "Deployment Validation Operator", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/deployment-validation-operator", "cpe" : "cpe:/a:redhat:deployment_validator_operator" }, { "product_name" : "ExternalDNS Operator", "fix_state" : "Affected", "package_name" : "edo/external-dns-rhel8", "cpe" : "cpe:/a:redhat:ext_dns_optr:1" }, { "product_name" : "ExternalDNS Operator", "fix_state" : "Affected", "package_name" : "edo/external-dns-rhel9", "cpe" : "cpe:/a:redhat:ext_dns_optr:1" }, { "product_name" : "External Secrets Operator for Red Hat OpenShift", "fix_state" : "Affected", "package_name" : "external-secrets-operator/external-secrets-rhel9", "cpe" : "cpe:/a:redhat:external_secrets_operator:1" }, { "product_name" : "Fence Agents Remediation Operator", "fix_state" : "Affected", "package_name" : "workload-availability/fence-agents-remediation-rhel8-operator", "cpe" : "cpe:/a:redhat:workload_availability_far:0" }, { "product_name" : "File Integrity Operator", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/file-integrity-operator-release", "cpe" : "cpe:/a:redhat:openshift_file_integrity_operator:1" }, { "product_name" : "Gatekeeper 3", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/gatekeeper-operator-3-18", "cpe" : "cpe:/a:redhat:gatekeeper:3" }, { "product_name" : "Gatekeeper 3", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/gatekeeper-operator-3-20", "cpe" : "cpe:/a:redhat:gatekeeper:3" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/art-images", "cpe" : "cpe:/a:redhat:logging:6" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/logging-loki-v6-0", "cpe" : "cpe:/a:redhat:logging:6" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/logging-loki-v6-2", "cpe" : "cpe:/a:redhat:logging:6" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/logging-loki-v6-4", "cpe" : "cpe:/a:redhat:logging:6" }, { "product_name" : "Logical Volume Manager Storage", "fix_state" : "Affected", "package_name" : "lvms4/topolvm-rhel8", "cpe" : "cpe:/a:redhat:lvms:4" }, { "product_name" : "Logical Volume Manager Storage", "fix_state" : "Affected", "package_name" : "lvms4/topolvm-rhel9", "cpe" : "cpe:/a:redhat:lvms:4" }, { "product_name" : "Logical Volume Manager Storage", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/lvm-operator", "cpe" : "cpe:/a:redhat:lvms:4" }, { "product_name" : "Machine Deletion Remediation Operator", "fix_state" : "Affected", "package_name" : "workload-availability/machine-deletion-remediation-rhel8-operator", "cpe" : "cpe:/a:redhat:workload_availability_mdr:0" }, { "product_name" : "Migration Toolkit for Applications 8", "fix_state" : "Affected", "package_name" : "mta/mta-cli-rhel9", "cpe" : "cpe:/a:redhat:migration_toolkit_applications:8" }, { "product_name" : "Migration Toolkit for Applications 8", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/art-images", "cpe" : "cpe:/a:redhat:migration_toolkit_applications:8" }, { "product_name" : "Migration Toolkit for Containers", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/art-images", "cpe" : "cpe:/a:redhat:rhmt:1" }, { "product_name" : "mirror registry for Red Hat OpenShift 2", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/mirror-registry-v2-0", "cpe" : "cpe:/a:redhat:mirror_registry:2" }, { "product_name" : "Multiarch Tuning Operator", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/multiarch-tuning-operator-v1-x", "cpe" : "cpe:/a:redhat:multiarch_tuning_operator" }, { "product_name" : "Multicluster Engine for Kubernetes", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/image-based-install-operator-mce-26", "cpe" : "cpe:/a:redhat:multicluster_engine" }, { "product_name" : "Multicluster Engine for Kubernetes", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/image-based-install-operator-mce-27", "cpe" : "cpe:/a:redhat:multicluster_engine" }, { "product_name" : "Multicluster Engine for Kubernetes", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/kube-rbac-proxy-mce-210", "cpe" : "cpe:/a:redhat:multicluster_engine" }, { "product_name" : "Multicluster Engine for Kubernetes", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/kube-rbac-proxy-mce-211", "cpe" : "cpe:/a:redhat:multicluster_engine" }, { "product_name" : "Multicluster Engine for Kubernetes", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/kube-rbac-proxy-mce-28", "cpe" : "cpe:/a:redhat:multicluster_engine" }, { "product_name" : "Multicluster Engine for Kubernetes", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/kube-rbac-proxy-mce-29", "cpe" : "cpe:/a:redhat:multicluster_engine" }, { "product_name" : "Multicluster Global Hub", "fix_state" : "Affected", "package_name" : "multicluster-globalhub/multicluster-globalhub-agent-rhel8", "cpe" : "cpe:/a:redhat:multicluster_globalhub" }, { "product_name" : "Multicluster Global Hub", "fix_state" : "Affected", "package_name" : "multicluster-globalhub/multicluster-globalhub-agent-rhel9", "cpe" : "cpe:/a:redhat:multicluster_globalhub" }, { "product_name" : "Multicluster Global Hub", "fix_state" : "Affected", "package_name" : "multicluster-globalhub/multicluster-globalhub-grafana-rhel9", "cpe" : "cpe:/a:redhat:multicluster_globalhub" }, { "product_name" : "Network Observability Operator", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/flowlogs-pipeline-zstream", "cpe" : "cpe:/a:redhat:network_observ_optr:1" }, { "product_name" : "Node HealthCheck Operator", "fix_state" : "Affected", "package_name" : "node-healthcheck-operator-tech-preview/node-healthcheck-operator-rhel8", "cpe" : "cpe:/a:redhat:workload_availability_nhc:0" }, { "product_name" : "Node HealthCheck Operator", "fix_state" : "Affected", "package_name" : "node-healthcheck-operator-tech-preview/node-healthcheck-rhel8-operator", "cpe" : "cpe:/a:redhat:workload_availability_nhc:0" }, { "product_name" : "Node HealthCheck Operator", "fix_state" : "Affected", "package_name" : "workload-availability/node-healthcheck-rhel8-operator", "cpe" : "cpe:/a:redhat:workload_availability_nhc:0" }, { "product_name" : "OpenShift API for Data Protection", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/art-images", "cpe" : "cpe:/a:redhat:openshift_api_data_protection:1" }, { "product_name" : "OpenShift Developer Tools and Services", "fix_state" : "Affected", "package_name" : "helm", "cpe" : "cpe:/a:redhat:ocp_tools" }, { "product_name" : "OpenShift Lightspeed", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/openshift-mcp-server", "cpe" : "cpe:/a:redhat:openshift_lightspeed" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Affected", "package_name" : "openshift-pipelines-client", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Affected", "package_name" : "kn-workflow-plugin", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Affected", "package_name" : "openshift-serverless-clients", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/kn-plugin-event-sender", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "OpenShift Service Mesh 2", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/kiali-2-6", "cpe" : "cpe:/a:redhat:service_mesh:2" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/kiali-3-0", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/kiali-3-1", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/kiali-3-2", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/kiali-3-3", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Source-to-Image (S2I)", "fix_state" : "Affected", "package_name" : "source-to-image/source-to-image-rhel8", "cpe" : "cpe:/a:redhat:source_to_image:1" }, { "product_name" : "Power monitoring for Red Hat OpenShift", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/kepler", "cpe" : "cpe:/a:redhat:openshift_power_monitoring" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Not affected", "package_name" : "3scale-amp2/3scale-rhel7-operator", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Affected", "package_name" : "3scale-amp2/3scale-rhel9-operator", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Will not fix", "package_name" : "redhat-user-workloads/volsync-0-13", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/volsync-0-14", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/volsync-0-15", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Affected", "package_name" : "rhacs-eng/release-main", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat AMQ Broker 7", "fix_state" : "Affected", "package_name" : "amq7/amq-broker-rhel9-operator", "cpe" : "cpe:/a:redhat:amq_broker:7" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Affected", "package_name" : "automation-gateway-proxy", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "automation-gateway-proxy-openssl30", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "automation-gateway-proxy-openssl32", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "python3.11-galaxy-ng", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "python3.11-grpcio", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "python3.12-galaxy-ng", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "python3.12-grpcio", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "python3x-grpcio", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "python-grpcio", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Affected", "package_name" : "receptor", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "redhat-user-workloads/aap-cluster-scoped-bundle-container-24", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "redhat-user-workloads/aap-cluster-scoped-bundle-container-25", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/aoc-azure-aap-installer-container", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat build of Apache Camel - HawtIO 4", "fix_state" : "Affected", "package_name" : "rhbac-4/hawtio-rhel8-operator", "cpe" : "cpe:/a:redhat:apache_camel_hawtio:4" }, { "product_name" : "Red Hat build of Apache Camel - HawtIO 4", "fix_state" : "Affected", "package_name" : "rhbac-4/hawtio-rhel9-operator", "cpe" : "cpe:/a:redhat:apache_camel_hawtio:4" }, { "product_name" : "Red Hat build of Apache Camel - HawtIO 4", "fix_state" : "Affected", "package_name" : "rhbac-4-tech-preview/hawtio-rhel8-operator", "cpe" : "cpe:/a:redhat:apache_camel_hawtio:4" }, { "product_name" : "Red Hat build of Apicurio Registry 2", "fix_state" : "Affected", "package_name" : "apicurio/apicurio-registry-rhel8-operator", "cpe" : "cpe:/a:redhat:service_registry:2" }, { "product_name" : "Red Hat build of Apicurio Registry 2", "fix_state" : "Affected", "package_name" : "apicurio/apicurio-registry-rhel9-operator", "cpe" : "cpe:/a:redhat:service_registry:2" }, { "product_name" : "Red Hat Certification Program for Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "redhat-certification-preflight", "cpe" : "cpe:/a:redhat:certifications:9" }, { "product_name" : "Red Hat Connectivity Link 1", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/rhcl-1-3-coredns", "cpe" : "cpe:/a:redhat:connectivity_link:1" }, { "product_name" : "Red Hat Developer Hub", "fix_state" : "Affected", "package_name" : "rhdh/rhdh-rhel9-operator", "cpe" : "cpe:/a:redhat:rhdh:1" }, { "product_name" : "Red Hat Edge Manager 1", "fix_state" : "Affected", "package_name" : "flightctl", "cpe" : "cpe:/a:redhat:edge_manager:1" }, { "product_name" : "Red Hat Edge Manager 1", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/flightctl-ui", "cpe" : "cpe:/a:redhat:edge_manager:1" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "buildah", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "butane", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "conmon", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "delve", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "git-lfs", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "go-fdo-client", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "go-fdo-server", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "golang", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "golang-github-openprinting-ipp-usb", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "grafana", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "grafana-pcp", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "gvisor-tap-vsock", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "ignition", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "image-builder", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "osbuild-composer", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "podman", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Will not fix", "package_name" : "redhat-user-workloads/bootc-image-builder-10-1", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "rhc", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "rhc-worker-playbook", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "skopeo", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "toolbox", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "trustee", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "trustee-guest-components", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "yggdrasil", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Affected", "package_name" : "host-metering", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Affected", "package_name" : "rhc", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Affected", "package_name" : "rhc-worker-script", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "container-tools:rhel8/buildah", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "container-tools:rhel8/conmon", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "container-tools:rhel8/containernetworking-plugins", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "container-tools:rhel8/podman", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "container-tools:rhel8/runc", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "container-tools:rhel8/skopeo", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "container-tools:rhel8/toolbox", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "git-lfs", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "go-toolset:rhel8/golang", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "go-toolset:rhel8/go-toolset", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "grafana", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "grafana-pcp", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "osbuild-composer", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "rhc", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "weldr-client", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "buildah", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "butane", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "conmon", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "containernetworking-plugins", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "git-lfs", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "golang", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "go-toolset", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "grafana", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "grafana-pcp", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "gvisor-tap-vsock", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "ignition", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "image-builder", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "osbuild-composer", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "podman", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/bootc-image-builder-9-6", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "rhc", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "runc", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "skopeo", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "toolbox", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "trustee-guest-components", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "weldr-client", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3", "fix_state" : "Affected", "package_name" : "golang", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3" }, { "product_name" : "Red Hat JBoss Web Server 6", "fix_state" : "Affected", "package_name" : "jboss-webserver/jws-rhel9-operator", "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:6" }, { "product_name" : "Red Hat Lightspeed for Runtimes Operator", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/runtimes-inventory-operator", "cpe" : "cpe:/a:redhat:lightspeed_for_runtimes:1" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-cli-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-rhel8-operator", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-rhel9-operator", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift Cluster Manager CLI", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/ocm-cli", "cpe" : "cpe:/a:redhat:openshift_cluster_manager_cli:1" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "butane", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "conmon", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "conmon-rs", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "containernetworking-plugins", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "cri-o", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "cri-tools", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "golang-github-prometheus-promu", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "ignition", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "kata-containers", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "microshift", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/frr-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/ose-node", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/ose-sdn-rhel7", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/ose-sdn-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/ose-sdn-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift-clients", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift-kuryr", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "ose-aws-ecr-image-credential-provider", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "ose-azure-acr-image-credential-provider", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "ose-gcp-gcr-image-credential-provider", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "podman", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/art-images", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "runc", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "skopeo", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat Openshift Data Foundation 4", "fix_state" : "Affected", "package_name" : "ocs4/cephcsi-rhel8", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4" }, { "product_name" : "Red Hat Openshift Data Foundation 4", "fix_state" : "Affected", "package_name" : "odf4/cephcsi-rhel8", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4" }, { "product_name" : "Red Hat Openshift Data Foundation 4", "fix_state" : "Affected", "package_name" : "odf4/cephcsi-rhel9", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4" }, { "product_name" : "Red Hat Openshift Data Foundation 4", "fix_state" : "Affected", "package_name" : "rhceph-dev/odf4-cephcsi-rhel9", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/udi-rhel9", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift Dev Workspaces Operator", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/devworkspace-rhel9-operator", "cpe" : "cpe:/a:redhat:devworkspace" }, { "product_name" : "Red Hat OpenShift distributed tracing 3", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/tempo", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3" }, { "product_name" : "Red Hat OpenShift for Windows Containers", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/windows-machine-config-operator-release-4-18", "cpe" : "cpe:/a:redhat:windows_machine_config" }, { "product_name" : "Red Hat OpenShift for Windows Containers", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/windows-machine-config-operator-release-4-19", "cpe" : "cpe:/a:redhat:windows_machine_config" }, { "product_name" : "Red Hat OpenShift for Windows Containers", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/windows-machine-config-operator-release-4-20", "cpe" : "cpe:/a:redhat:windows_machine_config" }, { "product_name" : "Red Hat OpenShift for Windows Containers", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/windows-machine-config-operator-release-4-21", "cpe" : "cpe:/a:redhat:windows_machine_config" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/dex-rhel8", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/dex-rhel9", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift on AWS", "fix_state" : "Affected", "package_name" : "rosa", "cpe" : "cpe:/a:redhat:openshift_service_on_aws:1" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Affected", "package_name" : "cnv-tech-preview/virt-api", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Affected", "package_name" : "container-native-virtualization/virt-api", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Affected", "package_name" : "container-native-virtualization/virt-api-rhel9", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Affected", "package_name" : "kubevirt", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "fix_state" : "Affected", "package_name" : "etcd", "cpe" : "cpe:/a:redhat:openstack:16.2" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "fix_state" : "Affected", "package_name" : "golang-github-infrawatch-apputils", "cpe" : "cpe:/a:redhat:openstack:16.2" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "fix_state" : "Not affected", "package_name" : "redhat-user-workloads/osp-director-agent", "cpe" : "cpe:/a:redhat:openstack:16.2" }, { "product_name" : "Red Hat OpenStack Platform 17.1", "fix_state" : "Affected", "package_name" : "collectd-libpod-stats", "cpe" : "cpe:/a:redhat:openstack:17.1" }, { "product_name" : "Red Hat OpenStack Platform 17.1", "fix_state" : "Not affected", "package_name" : "etcd", "cpe" : "cpe:/a:redhat:openstack:17.1" }, { "product_name" : "Red Hat OpenStack Platform 17.1", "fix_state" : "Affected", "package_name" : "golang-github-infrawatch-apputils", "cpe" : "cpe:/a:redhat:openstack:17.1" }, { "product_name" : "Red Hat OpenStack Platform 17.1", "fix_state" : "Not affected", "package_name" : "redhat-user-workloads/osp-director-agent", "cpe" : "cpe:/a:redhat:openstack:17.1" }, { "product_name" : "Red Hat OpenStack Platform 18.0", "fix_state" : "Affected", "package_name" : "golang-github-openstack-k8s-operators-os-diff", "cpe" : "cpe:/a:redhat:openstack:18.0" }, { "product_name" : "Red Hat OpenStack Platform 18.0", "fix_state" : "Not affected", "package_name" : "redhat-user-workloads/sg-core", "cpe" : "cpe:/a:redhat:openstack:18.0" }, { "product_name" : "Red Hat Quay 3", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/quay-quay-v3-10", "cpe" : "cpe:/a:redhat:quay:3" }, { "product_name" : "Red Hat Quay 3", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/quay-quay-v3-12", "cpe" : "cpe:/a:redhat:quay:3" }, { "product_name" : "Red Hat Quay 3", "fix_state" : "Will not fix", "package_name" : "redhat-user-workloads/quay-quay-v3-13", "cpe" : "cpe:/a:redhat:quay:3" }, { "product_name" : "Red Hat Quay 3", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/quay-quay-v3-14", "cpe" : "cpe:/a:redhat:quay:3" }, { "product_name" : "Red Hat Quay 3", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/quay-quay-v3-15", "cpe" : "cpe:/a:redhat:quay:3" }, { "product_name" : "Red Hat Quay 3", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/quay-quay-v3-16", "cpe" : "cpe:/a:redhat:quay:3" }, { "product_name" : "Red Hat Quay 3", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/quay-quay-v3-17", "cpe" : "cpe:/a:redhat:quay:3" }, { "product_name" : "Red Hat Quay 3", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/quay-quay-v3-9", "cpe" : "cpe:/a:redhat:quay:3" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/iop-ingress-sat-6-18", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Affected", "package_name" : "satellite:el8/yggdrasil-worker-forwarder", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Affected", "package_name" : "yggdrasil-worker-forwarder", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Service Interconnect 1", "fix_state" : "Affected", "package_name" : "skupper-cli", "cpe" : "cpe:/a:redhat:service_interconnect:1" }, { "product_name" : "Red Hat Service Interconnect 2", "fix_state" : "Affected", "package_name" : "skupper-cli", "cpe" : "cpe:/a:redhat:service_interconnect:2" }, { "product_name" : "Red Hat Trusted Artifact Signer", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/cli-v08", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1" }, { "product_name" : "Red Hat Trusted Artifact Signer", "fix_state" : "Affected", "package_name" : "securesign/gitsign", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1" }, { "product_name" : "Red Hat Web Terminal", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/web-terminal-exec-1-11", "cpe" : "cpe:/a:redhat:webterminal:1" }, { "product_name" : "Red Hat Web Terminal", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/web-terminal-exec-1-12", "cpe" : "cpe:/a:redhat:webterminal:1" }, { "product_name" : "Red Hat Web Terminal", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/web-terminal-exec-1-13", "cpe" : "cpe:/a:redhat:webterminal:1" }, { "product_name" : "Red Hat Web Terminal", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/web-terminal-exec-1-14", "cpe" : "cpe:/a:redhat:webterminal:1" }, { "product_name" : "Red Hat Web Terminal", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/web-terminal-exec-1-15", "cpe" : "cpe:/a:redhat:webterminal:1" }, { "product_name" : "Red Hat Web Terminal", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/web-terminal-exec-1-16", "cpe" : "cpe:/a:redhat:webterminal:1" }, { "product_name" : "Security Profiles Operator", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/security-profiles-operator-release", "cpe" : "cpe:/a:redhat:openshift_security_profiles_operator:1" }, { "product_name" : "Service Telemetry Framework 1.5", "fix_state" : "Not affected", "package_name" : "redhat-user-workloads/sg-core", "cpe" : "cpe:/a:redhat:stf:1.5" }, { "product_name" : "streams for Apache Kafka 3", "fix_state" : "Affected", "package_name" : "golang-github-danielqsj-kafka_exporter", "cpe" : "cpe:/a:redhat:amq_streams:3" }, { "product_name" : "Zero Trust Workload Identity Manager", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/spiffe-csi-driver-0-2-8", "cpe" : "cpe:/a:redhat:zero_trust_workload_identity_manager:1" }, { "product_name" : "Zero Trust Workload Identity Manager - Tech Preview", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/spiffe-spire-agent-1-12-4", "cpe" : "cpe:/a:redhat:zero_trust_workload_identity_manager:0" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-32281\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-32281\nhttps://go.dev/cl/758061\nhttps://go.dev/issue/78281\nhttps://groups.google.com/g/golang-announce/c/0uYbvbPZRWU\nhttps://pkg.go.dev/vuln/GO-2026-4946" ], "name" : "CVE-2026-32281", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }