Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-25639 (GCVE-0-2026-25639)
Vulnerability from cvelistv5 – Published: 2026-02-09 20:11 – Updated: 2026-02-10 15:59
VLAI?
EPSS
Title
Axios affected by Denial of Service via __proto__ Key in mergeConfig
Summary
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service. This vulnerability is fixed in 1.13.5.
Severity ?
7.5 (High)
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25639",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T15:39:46.394625Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T15:59:44.468Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "axios",
"vendor": "axios",
"versions": [
{
"status": "affected",
"version": "\u003c 1.13.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service. This vulnerability is fixed in 1.13.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T20:11:22.374Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
},
{
"name": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"name": "https://github.com/axios/axios/releases/tag/v1.13.5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
}
],
"source": {
"advisory": "GHSA-43fc-jf86-j433",
"discovery": "UNKNOWN"
},
"title": "Axios affected by Denial of Service via __proto__ Key in mergeConfig"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25639",
"datePublished": "2026-02-09T20:11:22.374Z",
"dateReserved": "2026-02-04T05:15:41.791Z",
"dateUpdated": "2026-02-10T15:59:44.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-25639\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-02-09T21:15:49.010\",\"lastModified\":\"2026-02-09T21:55:30.093\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service. This vulnerability is fixed in 1.13.5.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-754\"}]}],\"references\":[{\"url\":\"https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/axios/axios/releases/tag/v1.13.5\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433\",\"source\":\"security-advisories@github.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-25639\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-10T15:39:46.394625Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-10T15:39:47.277Z\"}}], \"cna\": {\"title\": \"Axios affected by Denial of Service via __proto__ Key in mergeConfig\", \"source\": {\"advisory\": \"GHSA-43fc-jf86-j433\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"axios\", \"product\": \"axios\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.13.5\"}]}], \"references\": [{\"url\": \"https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433\", \"name\": \"https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57\", \"name\": \"https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/axios/axios/releases/tag/v1.13.5\", \"name\": \"https://github.com/axios/axios/releases/tag/v1.13.5\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service. This vulnerability is fixed in 1.13.5.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-754\", \"description\": \"CWE-754: Improper Check for Unusual or Exceptional Conditions\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-02-09T20:11:22.374Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-25639\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-10T15:59:44.468Z\", \"dateReserved\": \"2026-02-04T05:15:41.791Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-02-09T20:11:22.374Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:2694
Vulnerability from csaf_redhat - Published: 2026-02-12 22:32 - Updated: 2026-02-13 19:43Summary
Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage
Notes
Topic
A Subscription Management tool for finding and reporting Red Hat product usage
Details
Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds,
identifies, and reports environment data, or facts, such as the number of physical and virtual
systems on a network, their operating systems, and relevant configuration data stored within
them. Discovery also identifies and reports more detailed facts for some versions of key
Red Hat packages and products that it finds in the network.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A Subscription Management tool for finding and reporting Red Hat product usage",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds,\nidentifies, and reports environment data, or facts, such as the number of physical and virtual\nsystems on a network, their operating systems, and relevant configuration data stored within\nthem. Discovery also identifies and reports more detailed facts for some versions of key\nRed Hat packages and products that it finds in the network.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2694",
"url": "https://access.redhat.com/errata/RHSA-2026:2694"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-13465",
"url": "https://access.redhat.com/security/cve/CVE-2025-13465"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-14550",
"url": "https://access.redhat.com/security/cve/CVE-2025-14550"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-1207",
"url": "https://access.redhat.com/security/cve/CVE-2026-1207"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-1285",
"url": "https://access.redhat.com/security/cve/CVE-2026-1285"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-1287",
"url": "https://access.redhat.com/security/cve/CVE-2026-1287"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-1312",
"url": "https://access.redhat.com/security/cve/CVE-2026-1312"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-22029",
"url": "https://access.redhat.com/security/cve/CVE-2026-22029"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24049",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26007",
"url": "https://access.redhat.com/security/cve/CVE-2026-26007"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery",
"url": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2694.json"
}
],
"title": "Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage",
"tracking": {
"current_release_date": "2026-02-13T19:43:40+00:00",
"generator": {
"date": "2026-02-13T19:43:40+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2694",
"initial_release_date": "2026-02-12T22:32:47+00:00",
"revision_history": [
{
"date": "2026-02-12T22:32:47+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-12T22:32:54+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-13T19:43:40+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Discovery 2",
"product": {
"name": "Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:discovery:2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Discovery"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3Af5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1770913597"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3A95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1770913709"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3Acdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1770913597"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3A2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1770913709"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64",
"relates_to_product_reference": "Red Hat Discovery 2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-13465",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2026-01-21T20:01:28.774829+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431740"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Lodash. A prototype pollution vulnerability in the _.unset and _.omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "lodash: prototype pollution in _.unset and _.omit functions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is only exploitable by applications using the _.unset and _.omit functions on an object and allowing user input to determine the path of the property to be removed. This issue only allows the deletion of properties but does not allow overwriting their behavior, limiting the impact to a denial of service. Due to this reason, this vulnerability has been rated with an important severity.\n\nIn Grafana, JavaScript code runs only in the browser, while the server side is all Golang. Therefore, the worst-case scenario is a loss of functionality in the client application inside the browser. To reflect this, the CVSS availability metric and the severity of the Grafana and the Grafana-PCP component have been updated to low and moderate, respectively.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-13465"
},
{
"category": "external",
"summary": "RHBZ#2431740",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431740"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-13465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13465",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13465"
},
{
"category": "external",
"summary": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg",
"url": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg"
}
],
"release_date": "2026-01-21T19:05:28.846000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T22:32:47+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2694"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement strict input validation before passing any property paths to the _.unset and _.omit functions to block attempts to access the prototype chain. Ensure that strings like __proto__, constructor and prototype are blocked, for example.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "lodash: prototype pollution in _.unset and _.omit functions"
},
{
"cve": "CVE-2025-14550",
"cwe": {
"id": "CWE-167",
"name": "Improper Handling of Additional Special Element"
},
"discovery_date": "2026-02-03T15:01:12.970018+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2436341"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Django. A remote attacker can exploit this vulnerability by sending a crafted request containing multiple duplicate headers to the ASGIRequest component. This can lead to a potential Denial of Service (DoS), making the affected system unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Django: Django: Denial of Service via crafted request with duplicate headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This MODERATE impact denial-of-service flaw in Django affects Red Hat products utilizing the ASGIRequest component, such as Red Hat Ansible Automation Platform, Red Hat Discovery, and Red Hat Satellite. A remote attacker could send specially crafted requests containing duplicate headers, potentially rendering the affected system unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-14550"
},
{
"category": "external",
"summary": "RHBZ#2436341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436341"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-14550",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14550"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-14550",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14550"
},
{
"category": "external",
"summary": "https://docs.djangoproject.com/en/dev/releases/security/",
"url": "https://docs.djangoproject.com/en/dev/releases/security/"
},
{
"category": "external",
"summary": "https://groups.google.com/g/django-announce",
"url": "https://groups.google.com/g/django-announce"
},
{
"category": "external",
"summary": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/",
"url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/"
}
],
"release_date": "2026-02-03T14:38:15.875000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T22:32:47+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2694"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Django: Django: Denial of Service via crafted request with duplicate headers"
},
{
"cve": "CVE-2026-1207",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2026-02-03T15:00:58.388707+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2436338"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Django. A remote attacker could inject SQL commands by manipulating the band index parameter during raster lookups on `RasterField` (only implemented on PostGIS). This SQL injection vulnerability could lead to unauthorized information disclosure, data alteration, or denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Django: Django: SQL Injection via RasterField band index parameter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This IMPORTANT flaw affects Django\u0027s `RasterField` when utilized with PostGIS, allowing remote SQL injection via the band index parameter. Red Hat Ansible Automation Platform, Red Hat Discovery, Red Hat Satellite, Insights, and Ansible Services are impacted if configured to use Django with PostGIS `RasterField` lookups. Successful exploitation could lead to unauthorized data access, modification, or denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1207"
},
{
"category": "external",
"summary": "RHBZ#2436338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1207",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1207"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1207",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1207"
},
{
"category": "external",
"summary": "https://docs.djangoproject.com/en/dev/releases/security/",
"url": "https://docs.djangoproject.com/en/dev/releases/security/"
},
{
"category": "external",
"summary": "https://groups.google.com/g/django-announce",
"url": "https://groups.google.com/g/django-announce"
},
{
"category": "external",
"summary": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/",
"url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/"
}
],
"release_date": "2026-02-03T14:35:33.721000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T22:32:47+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2694"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Django: Django: SQL Injection via RasterField band index parameter"
},
{
"cve": "CVE-2026-1285",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-02-03T15:01:06.283620+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2436340"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Django. A remote attacker can exploit this vulnerability by providing crafted inputs containing a large number of unmatched HTML end tags to the `django.utils.text.Truncator.chars()` and `Truncator.words()` methods (when `html=True`), or through the `truncatechars_html` and `truncatewords_html` template filters. This can lead to a denial-of-service (DoS) condition, making the application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Django: Django: Denial of Service via crafted HTML inputs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a MODERATE impact denial-of-service flaw in Django. Applications utilizing Django that process untrusted HTML inputs with a large number of unmatched end tags through the `Truncator.chars()` or `Truncator.words()` methods (with `html=True`), or the `truncatechars_html` and `truncatewords_html` template filters, may experience resource exhaustion. This can lead to the application becoming unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1285"
},
{
"category": "external",
"summary": "RHBZ#2436340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1285",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1285"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1285",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1285"
},
{
"category": "external",
"summary": "https://docs.djangoproject.com/en/dev/releases/security/",
"url": "https://docs.djangoproject.com/en/dev/releases/security/"
},
{
"category": "external",
"summary": "https://groups.google.com/g/django-announce",
"url": "https://groups.google.com/g/django-announce"
},
{
"category": "external",
"summary": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/",
"url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/"
}
],
"release_date": "2026-02-03T14:35:50.254000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T22:32:47+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2694"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications utilizing Django should avoid processing untrusted HTML content through the `django.utils.text.Truncator.chars()` and `Truncator.words()` methods with `html=True`, or the `truncatechars_html` and `truncatewords_html` template filters. Restrict the use of these functions to only trusted inputs where the HTML structure is controlled and validated.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Django: Django: Denial of Service via crafted HTML inputs"
},
{
"cve": "CVE-2026-1287",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2026-02-03T15:01:03.441713+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2436339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Django. This vulnerability allows a remote attacker to perform SQL injection by using specially crafted control characters within column aliases. When these crafted aliases are passed through dictionary expansion to `QuerySet` methods like `annotate()` or `values()`, it can lead to the execution of arbitrary SQL commands. This could result in unauthorized access to sensitive data or modification of information within the database.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Django: Django: SQL Injection via crafted column aliases",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This IMPORTANT SQL injection flaw in Django allows a remote attacker to execute arbitrary SQL commands by crafting column aliases. This vulnerability affects Red Hat products that incorporate Django, such as Red Hat Ansible Automation Platform, Red Hat Discovery, Red Hat Satellite, Insights, and Ansible Services, potentially leading to unauthorized data access or modification.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1287"
},
{
"category": "external",
"summary": "RHBZ#2436339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1287",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1287"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1287",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1287"
},
{
"category": "external",
"summary": "https://docs.djangoproject.com/en/dev/releases/security/",
"url": "https://docs.djangoproject.com/en/dev/releases/security/"
},
{
"category": "external",
"summary": "https://groups.google.com/g/django-announce",
"url": "https://groups.google.com/g/django-announce"
},
{
"category": "external",
"summary": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/",
"url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/"
}
],
"release_date": "2026-02-03T14:36:03.630000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T22:32:47+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2694"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Django: Django: SQL Injection via crafted column aliases"
},
{
"cve": "CVE-2026-1312",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2026-02-03T15:01:18.274166+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2436342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Django. A remote attacker could exploit a SQL injection vulnerability in the `.QuerySet.order_by()` method. This occurs when column aliases containing periods are used, and the same alias is also present in `FilteredRelation` via a specially crafted dictionary. Successful exploitation could lead to unauthorized information disclosure or arbitrary code execution within the database.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Django: Django: SQL injection via crafted column aliases in QuerySet.order_by()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This IMPORTANT vulnerability in Django allows for SQL injection within the `QuerySet.order_by()` method. A remote attacker could exploit this by providing crafted column aliases that include periods, specifically when used with `FilteredRelation`. Successful exploitation may result in unauthorized information disclosure or arbitrary code execution against the underlying database. This affects Red Hat products that integrate Django, such as Red Hat Ansible Automation Platform and Red Hat Satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1312"
},
{
"category": "external",
"summary": "RHBZ#2436342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1312",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1312"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1312",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1312"
},
{
"category": "external",
"summary": "https://docs.djangoproject.com/en/dev/releases/security/",
"url": "https://docs.djangoproject.com/en/dev/releases/security/"
},
{
"category": "external",
"summary": "https://groups.google.com/g/django-announce",
"url": "https://groups.google.com/g/django-announce"
},
{
"category": "external",
"summary": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/",
"url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/"
}
],
"release_date": "2026-02-03T14:36:23.257000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T22:32:47+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2694"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Django: Django: SQL injection via crafted column aliases in QuerySet.order_by()"
},
{
"cve": "CVE-2026-22029",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-01-10T04:01:03.694749+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428412"
}
],
"notes": [
{
"category": "description",
"text": "React Router is a router for React. In @remix-run/router version prior to 1.23.2. and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended javascript execution on the client. This is only an issue if you are creating redirect paths from untrusted content or via an open redirect. There is no impact if Declarative Mode (\u003cBrowserRouter\u003e) is being used. This issue has been patched in @remix-run/router version 1.23.2 and react-router version 7.12.0.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "@remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22029"
},
{
"category": "external",
"summary": "RHBZ#2428412",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428412"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22029",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22029"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22029",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22029"
},
{
"category": "external",
"summary": "https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx",
"url": "https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx"
}
],
"release_date": "2026-01-10T02:42:32.736000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T22:32:47+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2694"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "@remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects"
},
{
"cve": "CVE-2026-24049",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-01-22T05:00:54.709179+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431959"
}
],
"notes": [
{
"category": "description",
"text": "wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts. This issue has been fixed in version 0.46.2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "RHBZ#2431959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24049",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef",
"url": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/releases/tag/0.46.2",
"url": "https://github.com/pypa/wheel/releases/tag/0.46.2"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx",
"url": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx"
}
],
"release_date": "2026-01-22T04:02:08.706000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T22:32:47+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2694"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking"
},
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service. This vulnerability is fixed in 1.13.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T22:32:47+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2694"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
},
{
"cve": "CVE-2026-26007",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2026-02-10T22:01:01.036116+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438762"
}
],
"notes": [
{
"category": "description",
"text": "cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the public_key_from_numbers (or EllipticCurvePublicNumbers.public_key()), EllipticCurvePublicNumbers.public_key(), load_der_public_key() and load_pem_public_key() functions do not verify that the point belongs to the expected prime-order subgroup of the curve. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor \u003e 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it\u0027s easy to forge signatures on the small subgroup. Only SECT curves are impacted by this. This vulnerability is fixed in 46.0.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26007"
},
{
"category": "external",
"summary": "RHBZ#2438762",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438762"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26007"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26007",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26007"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c",
"url": "https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2"
}
],
"release_date": "2026-02-10T21:42:56.471000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T22:32:47+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2694"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves"
}
]
}
FKIE_CVE-2026-25639
Vulnerability from fkie_nvd - Published: 2026-02-09 21:15 - Updated: 2026-02-09 21:55
Severity ?
Summary
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service. This vulnerability is fixed in 1.13.5.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service. This vulnerability is fixed in 1.13.5."
}
],
"id": "CVE-2026-25639",
"lastModified": "2026-02-09T21:55:30.093",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-02-09T21:15:49.010",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
GHSA-43FC-JF86-J433
Vulnerability from github – Published: 2026-02-09 17:46 – Updated: 2026-02-09 22:39
VLAI?
Summary
Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig
Details
Denial of Service via proto Key in mergeConfig
Summary
The mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.
Details
The vulnerability exists in lib/core/mergeConfig.js at lines 98-101:
utils.forEach(Object.keys({ ...config1, ...config2 }), function computeConfigValue(prop) {
const merge = mergeMap[prop] || mergeDeepProperties;
const configValue = merge(config1[prop], config2[prop], prop);
(utils.isUndefined(configValue) && merge !== mergeDirectKeys) || (config[prop] = configValue);
});
When prop is '__proto__':
JSON.parse('{"__proto__": {...}}')creates an object with__proto__as an own enumerable propertyObject.keys()includes'__proto__'in the iterationmergeMap['__proto__']performs prototype chain lookup, returningObject.prototype(truthy object)- The expression
mergeMap[prop] || mergeDeepPropertiesevaluates toObject.prototype Object.prototype(...)throwsTypeError: merge is not a function
The mergeConfig function is called by:
Axios._request()atlib/core/Axios.js:75Axios.getUri()atlib/core/Axios.js:201- All HTTP method shortcuts (
get,post, etc.) atlib/core/Axios.js:211,224
PoC
import axios from "axios";
const maliciousConfig = JSON.parse('{"__proto__": {"x": 1}}');
await axios.get("https://httpbin.org/get", maliciousConfig);
Reproduction steps:
- Clone axios repository or
npm install axios - Create file
poc.mjswith the code above - Run:
node poc.mjs - Observe the TypeError crash
Verified output (axios 1.13.4):
TypeError: merge is not a function
at computeConfigValue (lib/core/mergeConfig.js:100:25)
at Object.forEach (lib/utils.js:280:10)
at mergeConfig (lib/core/mergeConfig.js:98:9)
Control tests performed:
| Test | Config | Result |
|------|--------|--------|
| Normal config | {"timeout": 5000} | SUCCESS |
| Malicious config | JSON.parse('{"__proto__": {"x": 1}}') | CRASH |
| Nested object | {"headers": {"X-Test": "value"}} | SUCCESS |
Attack scenario:
An application that accepts user input, parses it with JSON.parse(), and passes it to axios configuration will crash when receiving the payload {"__proto__": {"x": 1}}.
Impact
Denial of Service - Any application using axios that processes user-controlled JSON and passes it to axios configuration methods is vulnerable. The application will crash when processing the malicious payload.
Affected environments:
- Node.js servers using axios for HTTP requests
- Any backend that passes parsed JSON to axios configuration
This is NOT prototype pollution - the application crashes before any assignment occurs.
Severity ?
7.5 (High)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.13.4"
},
"package": {
"ecosystem": "npm",
"name": "axios"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.13.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-25639"
],
"database_specific": {
"cwe_ids": [
"CWE-754"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-09T17:46:14Z",
"nvd_published_at": "2026-02-09T21:15:49Z",
"severity": "HIGH"
},
"details": "# Denial of Service via **proto** Key in mergeConfig\n\n### Summary\n\nThe `mergeConfig` function in axios crashes with a TypeError when processing configuration objects containing `__proto__` as an own property. An attacker can trigger this by providing a malicious configuration object created via `JSON.parse()`, causing complete denial of service.\n\n### Details\n\nThe vulnerability exists in `lib/core/mergeConfig.js` at lines 98-101:\n\n```javascript\nutils.forEach(Object.keys({ ...config1, ...config2 }), function computeConfigValue(prop) {\n const merge = mergeMap[prop] || mergeDeepProperties;\n const configValue = merge(config1[prop], config2[prop], prop);\n (utils.isUndefined(configValue) \u0026\u0026 merge !== mergeDirectKeys) || (config[prop] = configValue);\n});\n```\n\nWhen `prop` is `\u0027__proto__\u0027`:\n\n1. `JSON.parse(\u0027{\"__proto__\": {...}}\u0027)` creates an object with `__proto__` as an own enumerable property\n2. `Object.keys()` includes `\u0027__proto__\u0027` in the iteration\n3. `mergeMap[\u0027__proto__\u0027]` performs prototype chain lookup, returning `Object.prototype` (truthy object)\n4. The expression `mergeMap[prop] || mergeDeepProperties` evaluates to `Object.prototype`\n5. `Object.prototype(...)` throws `TypeError: merge is not a function`\n\nThe `mergeConfig` function is called by:\n\n- `Axios._request()` at `lib/core/Axios.js:75`\n- `Axios.getUri()` at `lib/core/Axios.js:201`\n- All HTTP method shortcuts (`get`, `post`, etc.) at `lib/core/Axios.js:211,224`\n\n### PoC\n\n```javascript\nimport axios from \"axios\";\n\nconst maliciousConfig = JSON.parse(\u0027{\"__proto__\": {\"x\": 1}}\u0027);\nawait axios.get(\"https://httpbin.org/get\", maliciousConfig);\n```\n\n**Reproduction steps:**\n\n1. Clone axios repository or `npm install axios`\n2. Create file `poc.mjs` with the code above\n3. Run: `node poc.mjs`\n4. Observe the TypeError crash\n\n**Verified output (axios 1.13.4):**\n\n```\nTypeError: merge is not a function\n at computeConfigValue (lib/core/mergeConfig.js:100:25)\n at Object.forEach (lib/utils.js:280:10)\n at mergeConfig (lib/core/mergeConfig.js:98:9)\n```\n\n**Control tests performed:**\n| Test | Config | Result |\n|------|--------|--------|\n| Normal config | `{\"timeout\": 5000}` | SUCCESS |\n| Malicious config | `JSON.parse(\u0027{\"__proto__\": {\"x\": 1}}\u0027)` | **CRASH** |\n| Nested object | `{\"headers\": {\"X-Test\": \"value\"}}` | SUCCESS |\n\n**Attack scenario:**\nAn application that accepts user input, parses it with `JSON.parse()`, and passes it to axios configuration will crash when receiving the payload `{\"__proto__\": {\"x\": 1}}`.\n\n### Impact\n\n**Denial of Service** - Any application using axios that processes user-controlled JSON and passes it to axios configuration methods is vulnerable. The application will crash when processing the malicious payload.\n\nAffected environments:\n\n- Node.js servers using axios for HTTP requests\n- Any backend that passes parsed JSON to axios configuration\n\nThis is NOT prototype pollution - the application crashes before any assignment occurs.",
"id": "GHSA-43fc-jf86-j433",
"modified": "2026-02-09T22:39:32Z",
"published": "2026-02-09T17:46:14Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"type": "WEB",
"url": "https://github.com/axios/axios/pull/7369"
},
{
"type": "WEB",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"type": "PACKAGE",
"url": "https://github.com/axios/axios"
},
{
"type": "WEB",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…