RHSA-2026:14885
Vulnerability from csaf_redhat - Published: 2026-05-07 16:23 - Updated: 2026-05-07 16:26Summary
Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Tempo) 3.9.3 release
Severity
Important
Notes
Topic: Red Hat OpenShift distributed tracing platform (Tempo) 3.9.3 has been released
Details: This release of the Red Hat OpenShift distributed tracing platform (Tempo) provides security improvements and bug fixes.
Breaking changes:
* None.
Deprecations:
* None.
Technology Preview features:
* None.
Enhancements:
* None.
Bug fixes:
* Apache Thrift TFramedTransport integer overflow vulnerability is fixed: Previously, the Apache Thrift TFramedTransport Go language implementation contained an integer overflow vulnerability. An attacker could exploit this wraparound flaw to cause unexpected behavior or resource exhaustion, leading to a denial of service. With this update, the integer overflow vulnerability is fixed. For more information, see https://access.redhat.com/security/cve/cve-2026-41602.
* Apache Thrift server certificate validation vulnerability is fixed: Previously, Apache Thrift did not properly validate server certificates. Apache Thrift accepted certificates even when the hostname did not match the expected hostname. A remote attacker could exploit this flaw to impersonate a legitimate server, intercept or alter sensitive communications, and gain unauthorized access or disclose information. With this update, Apache Thrift properly validates server certificate hostnames. For more information, see https://access.redhat.com/security/cve/cve-2026-41603.
* Apache Thrift out-of-bounds read vulnerability is fixed: Previously, Apache Thrift contained an out-of-bounds read vulnerability. An attacker could exploit this flaw to access memory outside of allocated bounds, resulting in information disclosure or a denial-of-service (DoS) condition. With this update, Apache Thrift correctly validates memory access boundaries. For more information, see https://access.redhat.com/security/cve/cve-2026-41604 and https://access.redhat.com/security/cve/cve-2026-41607.
* Apache Thrift integer overflow vulnerability is fixed: Previously, Apache Thrift contained an integer overflow vulnerability. An attacker could exploit this wraparound flaw to cause unexpected behavior or resource exhaustion, impacting system availability or integrity. With this update, Apache Thrift correctly handles integer operations to prevent overflow conditions. For more information, see https://access.redhat.com/security/cve/cve-2026-41605.
* Apache Thrift uncontrolled recursion vulnerability is fixed: Previously, Apache Thrift contained an uncontrolled recursion vulnerability. When Apache Thrift processed specially crafted input, a remote attacker could trigger a denial-of-service (DoS) condition, causing excessive resource consumption and system unavailability. With this update, the recursion vulnerability is fixed, and remote attackers can no longer exploit this flaw. For more information, see https://access.redhat.com/security/cve/cve-2026-41606.
Known issues:
* None.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the Apache Thrift TFramedTransport Go language implementation. This integer overflow or wraparound vulnerability could potentially allow an attacker to cause unexpected behavior or resource exhaustion, leading to a denial of service.
7.5 (High)
Vendor Fix
For details on how to apply this update, refer to:
https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators
https://access.redhat.com/errata/RHSA-2026:14885
A flaw was found in Apache Thrift. This vulnerability involves improper validation of server certificates, where the hostname presented in the certificate does not match the expected hostname. A remote attacker could exploit this to impersonate a legitimate server, potentially intercepting or altering sensitive communications and leading to unauthorized access or information disclosure.
8.2 (High)
Vendor Fix
For details on how to apply this update, refer to:
https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators
https://access.redhat.com/errata/RHSA-2026:14885
A flaw was found in Apache Thrift. This out-of-bounds read vulnerability could allow an attacker to access memory outside of allocated bounds. This could lead to information disclosure or potentially a denial of service (DoS) condition.
8.2 (High)
Vendor Fix
For details on how to apply this update, refer to:
https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators
https://access.redhat.com/errata/RHSA-2026:14885
A flaw was found in Apache Thrift. This integer overflow or wraparound vulnerability could potentially lead to unexpected behavior or resource exhaustion, which may impact the availability or integrity of the system. The exact consequences depend on how the overflow is triggered and handled within the application.
7.7 (High)
Vendor Fix
For details on how to apply this update, refer to:
https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators
https://access.redhat.com/errata/RHSA-2026:14885
A flaw was found in Apache Thrift. An uncontrolled recursion vulnerability exists, which could allow a remote attacker to trigger a Denial of Service (DoS) condition. This occurs when the affected component processes specially crafted input, leading to excessive resource consumption and system unavailability.
7.5 (High)
Vendor Fix
For details on how to apply this update, refer to:
https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators
https://access.redhat.com/errata/RHSA-2026:14885
A flaw was found in Apache Thrift. This out-of-bounds read vulnerability can lead to the disclosure of sensitive information or a denial of service.
9.1 (Critical)
Vendor Fix
For details on how to apply this update, refer to:
https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators
https://access.redhat.com/errata/RHSA-2026:14885
References
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift distributed tracing platform (Tempo) 3.9.3 has been released",
"title": "Topic"
},
{
"category": "general",
"text": "This release of the Red Hat OpenShift distributed tracing platform (Tempo) provides security improvements and bug fixes.\n\n\nBreaking changes:\n\n* None.\n\n\nDeprecations:\n\n* None.\n\n\nTechnology Preview features:\n\n* None.\n\n\nEnhancements:\n\n* None.\n\n\nBug fixes:\n\n* Apache Thrift TFramedTransport integer overflow vulnerability is fixed: Previously, the Apache Thrift TFramedTransport Go language implementation contained an integer overflow vulnerability. An attacker could exploit this wraparound flaw to cause unexpected behavior or resource exhaustion, leading to a denial of service. With this update, the integer overflow vulnerability is fixed. For more information, see https://access.redhat.com/security/cve/cve-2026-41602.\n\n* Apache Thrift server certificate validation vulnerability is fixed: Previously, Apache Thrift did not properly validate server certificates. Apache Thrift accepted certificates even when the hostname did not match the expected hostname. A remote attacker could exploit this flaw to impersonate a legitimate server, intercept or alter sensitive communications, and gain unauthorized access or disclose information. With this update, Apache Thrift properly validates server certificate hostnames. For more information, see https://access.redhat.com/security/cve/cve-2026-41603.\n\n* Apache Thrift out-of-bounds read vulnerability is fixed: Previously, Apache Thrift contained an out-of-bounds read vulnerability. An attacker could exploit this flaw to access memory outside of allocated bounds, resulting in information disclosure or a denial-of-service (DoS) condition. With this update, Apache Thrift correctly validates memory access boundaries. For more information, see https://access.redhat.com/security/cve/cve-2026-41604 and https://access.redhat.com/security/cve/cve-2026-41607.\n\n* Apache Thrift integer overflow vulnerability is fixed: Previously, Apache Thrift contained an integer overflow vulnerability. An attacker could exploit this wraparound flaw to cause unexpected behavior or resource exhaustion, impacting system availability or integrity. With this update, Apache Thrift correctly handles integer operations to prevent overflow conditions. For more information, see https://access.redhat.com/security/cve/cve-2026-41605.\n\n* Apache Thrift uncontrolled recursion vulnerability is fixed: Previously, Apache Thrift contained an uncontrolled recursion vulnerability. When Apache Thrift processed specially crafted input, a remote attacker could trigger a denial-of-service (DoS) condition, causing excessive resource consumption and system unavailability. With this update, the recursion vulnerability is fixed, and remote attackers can no longer exploit this flaw. For more information, see https://access.redhat.com/security/cve/cve-2026-41606.\n\n\nKnown issues:\n\n* None.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:14885",
"url": "https://access.redhat.com/errata/RHSA-2026:14885"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41602",
"url": "https://access.redhat.com/security/cve/CVE-2026-41602"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41603",
"url": "https://access.redhat.com/security/cve/CVE-2026-41603"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41604",
"url": "https://access.redhat.com/security/cve/CVE-2026-41604"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41605",
"url": "https://access.redhat.com/security/cve/CVE-2026-41605"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41606",
"url": "https://access.redhat.com/security/cve/CVE-2026-41606"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41607",
"url": "https://access.redhat.com/security/cve/CVE-2026-41607"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/distributed_tracing/distributed-tracing-platform-tempo",
"url": "https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/distributed_tracing/distributed-tracing-platform-tempo"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_14885.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Tempo) 3.9.3 release",
"tracking": {
"current_release_date": "2026-05-07T16:26:17+00:00",
"generator": {
"date": "2026-05-07T16:26:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.9"
}
},
"id": "RHSA-2026:14885",
"initial_release_date": "2026-05-07T16:23:20+00:00",
"revision_history": [
{
"date": "2026-05-07T16:23:20+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-07T16:23:27+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-07T16:26:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift distributed tracing 3.9.3",
"product": {
"name": "Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.9::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift distributed tracing"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:9aca25cbc3ab1ba653d3b427df28f2b5ec1c4c041892e5e7ebd817be0ac56017_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:9aca25cbc3ab1ba653d3b427df28f2b5ec1c4c041892e5e7ebd817be0ac56017_amd64",
"product_id": "registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:9aca25cbc3ab1ba653d3b427df28f2b5ec1c4c041892e5e7ebd817be0ac56017_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-operator-bundle@sha256%3A9aca25cbc3ab1ba653d3b427df28f2b5ec1c4c041892e5e7ebd817be0ac56017?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1778160493"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:841e1897e543548f5494c9495463514d4286697a760326b67c11958933a7ac70_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:841e1897e543548f5494c9495463514d4286697a760326b67c11958933a7ac70_amd64",
"product_id": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:841e1897e543548f5494c9495463514d4286697a760326b67c11958933a7ac70_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-rhel9@sha256%3A841e1897e543548f5494c9495463514d4286697a760326b67c11958933a7ac70?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1778156610"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:f6e5c856ec74d0a7e858448960c4d09d2a24ac7bdce7ff18d1981bd23a45d6cb_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:f6e5c856ec74d0a7e858448960c4d09d2a24ac7bdce7ff18d1981bd23a45d6cb_amd64",
"product_id": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:f6e5c856ec74d0a7e858448960c4d09d2a24ac7bdce7ff18d1981bd23a45d6cb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-jaeger-query-rhel9@sha256%3Af6e5c856ec74d0a7e858448960c4d09d2a24ac7bdce7ff18d1981bd23a45d6cb?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1778158391"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:37069c4ac61fc810096df8c25b1d12f95b04da5f11892fb4c6bcd3a3479d3777_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:37069c4ac61fc810096df8c25b1d12f95b04da5f11892fb4c6bcd3a3479d3777_amd64",
"product_id": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:37069c4ac61fc810096df8c25b1d12f95b04da5f11892fb4c6bcd3a3479d3777_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-opa-rhel9@sha256%3A37069c4ac61fc810096df8c25b1d12f95b04da5f11892fb4c6bcd3a3479d3777?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1778158323"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:e2c38ca7fa1257940589d6eace9ad5d95c6dbaccf36ae04ce296d0350258e0a0_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:e2c38ca7fa1257940589d6eace9ad5d95c6dbaccf36ae04ce296d0350258e0a0_amd64",
"product_id": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:e2c38ca7fa1257940589d6eace9ad5d95c6dbaccf36ae04ce296d0350258e0a0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel9-operator@sha256%3Ae2c38ca7fa1257940589d6eace9ad5d95c6dbaccf36ae04ce296d0350258e0a0?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1778158321"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:745c62848b8ab43bbcddf75a79b53662e0ac0aff050281c879e01c4c213accc3_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:745c62848b8ab43bbcddf75a79b53662e0ac0aff050281c879e01c4c213accc3_amd64",
"product_id": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:745c62848b8ab43bbcddf75a79b53662e0ac0aff050281c879e01c4c213accc3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-query-rhel9@sha256%3A745c62848b8ab43bbcddf75a79b53662e0ac0aff050281c879e01c4c213accc3?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1778158343"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:5f227627f918d7a8b6328843da37547b54271ea93045b9a5d9ede82348b62d01_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:5f227627f918d7a8b6328843da37547b54271ea93045b9a5d9ede82348b62d01_amd64",
"product_id": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:5f227627f918d7a8b6328843da37547b54271ea93045b9a5d9ede82348b62d01_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel9@sha256%3A5f227627f918d7a8b6328843da37547b54271ea93045b9a5d9ede82348b62d01?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1778158374"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:d1a3996d3879700be89bad37bb688f5016078a11dbdda894932115da370508ee_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:d1a3996d3879700be89bad37bb688f5016078a11dbdda894932115da370508ee_arm64",
"product_id": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:d1a3996d3879700be89bad37bb688f5016078a11dbdda894932115da370508ee_arm64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-rhel9@sha256%3Ad1a3996d3879700be89bad37bb688f5016078a11dbdda894932115da370508ee?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1778156610"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:bea6c0fb2bead67356a76060901018b90c2cda12e5ef0ffca8993e16b761ab41_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:bea6c0fb2bead67356a76060901018b90c2cda12e5ef0ffca8993e16b761ab41_arm64",
"product_id": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:bea6c0fb2bead67356a76060901018b90c2cda12e5ef0ffca8993e16b761ab41_arm64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-jaeger-query-rhel9@sha256%3Abea6c0fb2bead67356a76060901018b90c2cda12e5ef0ffca8993e16b761ab41?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1778158391"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:20951bbce71da848cf595ae1480a0c46b131b59190fd657774a8932889a8e5da_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:20951bbce71da848cf595ae1480a0c46b131b59190fd657774a8932889a8e5da_arm64",
"product_id": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:20951bbce71da848cf595ae1480a0c46b131b59190fd657774a8932889a8e5da_arm64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-opa-rhel9@sha256%3A20951bbce71da848cf595ae1480a0c46b131b59190fd657774a8932889a8e5da?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1778158323"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a12c6e4a54dfe009700be799c8036a09a8845bc84dea533c024ffac0a65dc491_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a12c6e4a54dfe009700be799c8036a09a8845bc84dea533c024ffac0a65dc491_arm64",
"product_id": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a12c6e4a54dfe009700be799c8036a09a8845bc84dea533c024ffac0a65dc491_arm64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel9-operator@sha256%3Aa12c6e4a54dfe009700be799c8036a09a8845bc84dea533c024ffac0a65dc491?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1778158321"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:d7c013a4088c668aacbc00047f00cb1cc0041676f9f8d5a9971ab53fd15d5a69_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:d7c013a4088c668aacbc00047f00cb1cc0041676f9f8d5a9971ab53fd15d5a69_arm64",
"product_id": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:d7c013a4088c668aacbc00047f00cb1cc0041676f9f8d5a9971ab53fd15d5a69_arm64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-query-rhel9@sha256%3Ad7c013a4088c668aacbc00047f00cb1cc0041676f9f8d5a9971ab53fd15d5a69?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1778158343"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:3345dc986a756c37e0636877a17dfa8483d12338e67d522419e85667f65cfa3e_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:3345dc986a756c37e0636877a17dfa8483d12338e67d522419e85667f65cfa3e_arm64",
"product_id": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:3345dc986a756c37e0636877a17dfa8483d12338e67d522419e85667f65cfa3e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel9@sha256%3A3345dc986a756c37e0636877a17dfa8483d12338e67d522419e85667f65cfa3e?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1778158374"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:e78a27a6a17ad3f2bd5771ada6ac2357156cd351dc3e976d0495fcdc38a4d891_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:e78a27a6a17ad3f2bd5771ada6ac2357156cd351dc3e976d0495fcdc38a4d891_ppc64le",
"product_id": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:e78a27a6a17ad3f2bd5771ada6ac2357156cd351dc3e976d0495fcdc38a4d891_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-rhel9@sha256%3Ae78a27a6a17ad3f2bd5771ada6ac2357156cd351dc3e976d0495fcdc38a4d891?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1778156610"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:d21b8336c12507aabdb03ecee43d5e93633b202ea880ae6aced0426b40d972f6_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:d21b8336c12507aabdb03ecee43d5e93633b202ea880ae6aced0426b40d972f6_ppc64le",
"product_id": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:d21b8336c12507aabdb03ecee43d5e93633b202ea880ae6aced0426b40d972f6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-jaeger-query-rhel9@sha256%3Ad21b8336c12507aabdb03ecee43d5e93633b202ea880ae6aced0426b40d972f6?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1778158391"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:94fa2f56d060b2ac8a384db29bf073683bef50cd60724e893ee1dcb945424517_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:94fa2f56d060b2ac8a384db29bf073683bef50cd60724e893ee1dcb945424517_ppc64le",
"product_id": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:94fa2f56d060b2ac8a384db29bf073683bef50cd60724e893ee1dcb945424517_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-opa-rhel9@sha256%3A94fa2f56d060b2ac8a384db29bf073683bef50cd60724e893ee1dcb945424517?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1778158323"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:815f222ec62bad59caede1682990af6367fcc4354013b5da96a7b67dd311a4b9_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:815f222ec62bad59caede1682990af6367fcc4354013b5da96a7b67dd311a4b9_ppc64le",
"product_id": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:815f222ec62bad59caede1682990af6367fcc4354013b5da96a7b67dd311a4b9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel9-operator@sha256%3A815f222ec62bad59caede1682990af6367fcc4354013b5da96a7b67dd311a4b9?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1778158321"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:50bd4b1c745b916a8127a071e9d79dbde85268ab19c49ffb431863f9222152f6_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:50bd4b1c745b916a8127a071e9d79dbde85268ab19c49ffb431863f9222152f6_ppc64le",
"product_id": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:50bd4b1c745b916a8127a071e9d79dbde85268ab19c49ffb431863f9222152f6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-query-rhel9@sha256%3A50bd4b1c745b916a8127a071e9d79dbde85268ab19c49ffb431863f9222152f6?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1778158343"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:cb81f87ad3ed182494ec8f8f4d2a0229a28b716ae27f946d221077961534d9cc_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:cb81f87ad3ed182494ec8f8f4d2a0229a28b716ae27f946d221077961534d9cc_ppc64le",
"product_id": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:cb81f87ad3ed182494ec8f8f4d2a0229a28b716ae27f946d221077961534d9cc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel9@sha256%3Acb81f87ad3ed182494ec8f8f4d2a0229a28b716ae27f946d221077961534d9cc?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1778158374"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:58739fdf7b671103fddd089db340747090d46018435d2f6519fb00436f08684f_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:58739fdf7b671103fddd089db340747090d46018435d2f6519fb00436f08684f_s390x",
"product_id": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:58739fdf7b671103fddd089db340747090d46018435d2f6519fb00436f08684f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-rhel9@sha256%3A58739fdf7b671103fddd089db340747090d46018435d2f6519fb00436f08684f?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1778156610"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:cf73a80390a85a34b6b95a097a3e00c0ac5ed1e6e0bd396c1f55233b59de70ef_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:cf73a80390a85a34b6b95a097a3e00c0ac5ed1e6e0bd396c1f55233b59de70ef_s390x",
"product_id": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:cf73a80390a85a34b6b95a097a3e00c0ac5ed1e6e0bd396c1f55233b59de70ef_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-jaeger-query-rhel9@sha256%3Acf73a80390a85a34b6b95a097a3e00c0ac5ed1e6e0bd396c1f55233b59de70ef?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1778158391"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:3bdaf268da97b95f85a09a18e42e2cfe61ee56b0131b6f86ac4a41fac4854650_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:3bdaf268da97b95f85a09a18e42e2cfe61ee56b0131b6f86ac4a41fac4854650_s390x",
"product_id": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:3bdaf268da97b95f85a09a18e42e2cfe61ee56b0131b6f86ac4a41fac4854650_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-opa-rhel9@sha256%3A3bdaf268da97b95f85a09a18e42e2cfe61ee56b0131b6f86ac4a41fac4854650?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1778158323"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0fd2089ab716a8733ccdaa909eb7d8663c69de0c87cfc6551ca5a7b93c295a7b_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0fd2089ab716a8733ccdaa909eb7d8663c69de0c87cfc6551ca5a7b93c295a7b_s390x",
"product_id": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0fd2089ab716a8733ccdaa909eb7d8663c69de0c87cfc6551ca5a7b93c295a7b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel9-operator@sha256%3A0fd2089ab716a8733ccdaa909eb7d8663c69de0c87cfc6551ca5a7b93c295a7b?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1778158321"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:5e922a6dc5973688e531cb1bcbb7a9a414f260d64be9c0a66701b7c050f8ed65_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:5e922a6dc5973688e531cb1bcbb7a9a414f260d64be9c0a66701b7c050f8ed65_s390x",
"product_id": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:5e922a6dc5973688e531cb1bcbb7a9a414f260d64be9c0a66701b7c050f8ed65_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-query-rhel9@sha256%3A5e922a6dc5973688e531cb1bcbb7a9a414f260d64be9c0a66701b7c050f8ed65?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1778158343"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:f9a90f6a24678435a08a9783ac7612629b0702633b9405540b02eb5a6da4c6c9_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:f9a90f6a24678435a08a9783ac7612629b0702633b9405540b02eb5a6da4c6c9_s390x",
"product_id": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:f9a90f6a24678435a08a9783ac7612629b0702633b9405540b02eb5a6da4c6c9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel9@sha256%3Af9a90f6a24678435a08a9783ac7612629b0702633b9405540b02eb5a6da4c6c9?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1778158374"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:20951bbce71da848cf595ae1480a0c46b131b59190fd657774a8932889a8e5da_arm64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:20951bbce71da848cf595ae1480a0c46b131b59190fd657774a8932889a8e5da_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:20951bbce71da848cf595ae1480a0c46b131b59190fd657774a8932889a8e5da_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:37069c4ac61fc810096df8c25b1d12f95b04da5f11892fb4c6bcd3a3479d3777_amd64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:37069c4ac61fc810096df8c25b1d12f95b04da5f11892fb4c6bcd3a3479d3777_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:37069c4ac61fc810096df8c25b1d12f95b04da5f11892fb4c6bcd3a3479d3777_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:3bdaf268da97b95f85a09a18e42e2cfe61ee56b0131b6f86ac4a41fac4854650_s390x as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:3bdaf268da97b95f85a09a18e42e2cfe61ee56b0131b6f86ac4a41fac4854650_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:3bdaf268da97b95f85a09a18e42e2cfe61ee56b0131b6f86ac4a41fac4854650_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:94fa2f56d060b2ac8a384db29bf073683bef50cd60724e893ee1dcb945424517_ppc64le as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:94fa2f56d060b2ac8a384db29bf073683bef50cd60724e893ee1dcb945424517_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:94fa2f56d060b2ac8a384db29bf073683bef50cd60724e893ee1dcb945424517_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:58739fdf7b671103fddd089db340747090d46018435d2f6519fb00436f08684f_s390x as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:58739fdf7b671103fddd089db340747090d46018435d2f6519fb00436f08684f_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:58739fdf7b671103fddd089db340747090d46018435d2f6519fb00436f08684f_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:841e1897e543548f5494c9495463514d4286697a760326b67c11958933a7ac70_amd64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:841e1897e543548f5494c9495463514d4286697a760326b67c11958933a7ac70_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:841e1897e543548f5494c9495463514d4286697a760326b67c11958933a7ac70_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:d1a3996d3879700be89bad37bb688f5016078a11dbdda894932115da370508ee_arm64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:d1a3996d3879700be89bad37bb688f5016078a11dbdda894932115da370508ee_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:d1a3996d3879700be89bad37bb688f5016078a11dbdda894932115da370508ee_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:e78a27a6a17ad3f2bd5771ada6ac2357156cd351dc3e976d0495fcdc38a4d891_ppc64le as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:e78a27a6a17ad3f2bd5771ada6ac2357156cd351dc3e976d0495fcdc38a4d891_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:e78a27a6a17ad3f2bd5771ada6ac2357156cd351dc3e976d0495fcdc38a4d891_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:bea6c0fb2bead67356a76060901018b90c2cda12e5ef0ffca8993e16b761ab41_arm64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:bea6c0fb2bead67356a76060901018b90c2cda12e5ef0ffca8993e16b761ab41_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:bea6c0fb2bead67356a76060901018b90c2cda12e5ef0ffca8993e16b761ab41_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:cf73a80390a85a34b6b95a097a3e00c0ac5ed1e6e0bd396c1f55233b59de70ef_s390x as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:cf73a80390a85a34b6b95a097a3e00c0ac5ed1e6e0bd396c1f55233b59de70ef_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:cf73a80390a85a34b6b95a097a3e00c0ac5ed1e6e0bd396c1f55233b59de70ef_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:d21b8336c12507aabdb03ecee43d5e93633b202ea880ae6aced0426b40d972f6_ppc64le as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:d21b8336c12507aabdb03ecee43d5e93633b202ea880ae6aced0426b40d972f6_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:d21b8336c12507aabdb03ecee43d5e93633b202ea880ae6aced0426b40d972f6_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:f6e5c856ec74d0a7e858448960c4d09d2a24ac7bdce7ff18d1981bd23a45d6cb_amd64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:f6e5c856ec74d0a7e858448960c4d09d2a24ac7bdce7ff18d1981bd23a45d6cb_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:f6e5c856ec74d0a7e858448960c4d09d2a24ac7bdce7ff18d1981bd23a45d6cb_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:9aca25cbc3ab1ba653d3b427df28f2b5ec1c4c041892e5e7ebd817be0ac56017_amd64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:9aca25cbc3ab1ba653d3b427df28f2b5ec1c4c041892e5e7ebd817be0ac56017_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:9aca25cbc3ab1ba653d3b427df28f2b5ec1c4c041892e5e7ebd817be0ac56017_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:50bd4b1c745b916a8127a071e9d79dbde85268ab19c49ffb431863f9222152f6_ppc64le as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:50bd4b1c745b916a8127a071e9d79dbde85268ab19c49ffb431863f9222152f6_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:50bd4b1c745b916a8127a071e9d79dbde85268ab19c49ffb431863f9222152f6_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:5e922a6dc5973688e531cb1bcbb7a9a414f260d64be9c0a66701b7c050f8ed65_s390x as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:5e922a6dc5973688e531cb1bcbb7a9a414f260d64be9c0a66701b7c050f8ed65_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:5e922a6dc5973688e531cb1bcbb7a9a414f260d64be9c0a66701b7c050f8ed65_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:745c62848b8ab43bbcddf75a79b53662e0ac0aff050281c879e01c4c213accc3_amd64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:745c62848b8ab43bbcddf75a79b53662e0ac0aff050281c879e01c4c213accc3_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:745c62848b8ab43bbcddf75a79b53662e0ac0aff050281c879e01c4c213accc3_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:d7c013a4088c668aacbc00047f00cb1cc0041676f9f8d5a9971ab53fd15d5a69_arm64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:d7c013a4088c668aacbc00047f00cb1cc0041676f9f8d5a9971ab53fd15d5a69_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:d7c013a4088c668aacbc00047f00cb1cc0041676f9f8d5a9971ab53fd15d5a69_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0fd2089ab716a8733ccdaa909eb7d8663c69de0c87cfc6551ca5a7b93c295a7b_s390x as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0fd2089ab716a8733ccdaa909eb7d8663c69de0c87cfc6551ca5a7b93c295a7b_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0fd2089ab716a8733ccdaa909eb7d8663c69de0c87cfc6551ca5a7b93c295a7b_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:815f222ec62bad59caede1682990af6367fcc4354013b5da96a7b67dd311a4b9_ppc64le as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:815f222ec62bad59caede1682990af6367fcc4354013b5da96a7b67dd311a4b9_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:815f222ec62bad59caede1682990af6367fcc4354013b5da96a7b67dd311a4b9_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a12c6e4a54dfe009700be799c8036a09a8845bc84dea533c024ffac0a65dc491_arm64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a12c6e4a54dfe009700be799c8036a09a8845bc84dea533c024ffac0a65dc491_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a12c6e4a54dfe009700be799c8036a09a8845bc84dea533c024ffac0a65dc491_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:e2c38ca7fa1257940589d6eace9ad5d95c6dbaccf36ae04ce296d0350258e0a0_amd64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:e2c38ca7fa1257940589d6eace9ad5d95c6dbaccf36ae04ce296d0350258e0a0_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:e2c38ca7fa1257940589d6eace9ad5d95c6dbaccf36ae04ce296d0350258e0a0_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:3345dc986a756c37e0636877a17dfa8483d12338e67d522419e85667f65cfa3e_arm64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:3345dc986a756c37e0636877a17dfa8483d12338e67d522419e85667f65cfa3e_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:3345dc986a756c37e0636877a17dfa8483d12338e67d522419e85667f65cfa3e_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:5f227627f918d7a8b6328843da37547b54271ea93045b9a5d9ede82348b62d01_amd64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:5f227627f918d7a8b6328843da37547b54271ea93045b9a5d9ede82348b62d01_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:5f227627f918d7a8b6328843da37547b54271ea93045b9a5d9ede82348b62d01_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:cb81f87ad3ed182494ec8f8f4d2a0229a28b716ae27f946d221077961534d9cc_ppc64le as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:cb81f87ad3ed182494ec8f8f4d2a0229a28b716ae27f946d221077961534d9cc_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:cb81f87ad3ed182494ec8f8f4d2a0229a28b716ae27f946d221077961534d9cc_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:f9a90f6a24678435a08a9783ac7612629b0702633b9405540b02eb5a6da4c6c9_s390x as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:f9a90f6a24678435a08a9783ac7612629b0702633b9405540b02eb5a6da4c6c9_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:f9a90f6a24678435a08a9783ac7612629b0702633b9405540b02eb5a6da4c6c9_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-41602",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-04-28T10:01:16.099816+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:20951bbce71da848cf595ae1480a0c46b131b59190fd657774a8932889a8e5da_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:37069c4ac61fc810096df8c25b1d12f95b04da5f11892fb4c6bcd3a3479d3777_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:3bdaf268da97b95f85a09a18e42e2cfe61ee56b0131b6f86ac4a41fac4854650_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:94fa2f56d060b2ac8a384db29bf073683bef50cd60724e893ee1dcb945424517_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:58739fdf7b671103fddd089db340747090d46018435d2f6519fb00436f08684f_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:841e1897e543548f5494c9495463514d4286697a760326b67c11958933a7ac70_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:d1a3996d3879700be89bad37bb688f5016078a11dbdda894932115da370508ee_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:e78a27a6a17ad3f2bd5771ada6ac2357156cd351dc3e976d0495fcdc38a4d891_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:9aca25cbc3ab1ba653d3b427df28f2b5ec1c4c041892e5e7ebd817be0ac56017_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0fd2089ab716a8733ccdaa909eb7d8663c69de0c87cfc6551ca5a7b93c295a7b_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:815f222ec62bad59caede1682990af6367fcc4354013b5da96a7b67dd311a4b9_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a12c6e4a54dfe009700be799c8036a09a8845bc84dea533c024ffac0a65dc491_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:e2c38ca7fa1257940589d6eace9ad5d95c6dbaccf36ae04ce296d0350258e0a0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463407"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Apache Thrift TFramedTransport Go language implementation. This integer overflow or wraparound vulnerability could potentially allow an attacker to cause unexpected behavior or resource exhaustion, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/apache/thrift: Apache Thrift: Integer Overflow in TFramedTransport Go implementation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:bea6c0fb2bead67356a76060901018b90c2cda12e5ef0ffca8993e16b761ab41_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:cf73a80390a85a34b6b95a097a3e00c0ac5ed1e6e0bd396c1f55233b59de70ef_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:d21b8336c12507aabdb03ecee43d5e93633b202ea880ae6aced0426b40d972f6_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:f6e5c856ec74d0a7e858448960c4d09d2a24ac7bdce7ff18d1981bd23a45d6cb_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:50bd4b1c745b916a8127a071e9d79dbde85268ab19c49ffb431863f9222152f6_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:5e922a6dc5973688e531cb1bcbb7a9a414f260d64be9c0a66701b7c050f8ed65_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:745c62848b8ab43bbcddf75a79b53662e0ac0aff050281c879e01c4c213accc3_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:d7c013a4088c668aacbc00047f00cb1cc0041676f9f8d5a9971ab53fd15d5a69_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:3345dc986a756c37e0636877a17dfa8483d12338e67d522419e85667f65cfa3e_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:5f227627f918d7a8b6328843da37547b54271ea93045b9a5d9ede82348b62d01_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:cb81f87ad3ed182494ec8f8f4d2a0229a28b716ae27f946d221077961534d9cc_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:f9a90f6a24678435a08a9783ac7612629b0702633b9405540b02eb5a6da4c6c9_s390x"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:20951bbce71da848cf595ae1480a0c46b131b59190fd657774a8932889a8e5da_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:37069c4ac61fc810096df8c25b1d12f95b04da5f11892fb4c6bcd3a3479d3777_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:3bdaf268da97b95f85a09a18e42e2cfe61ee56b0131b6f86ac4a41fac4854650_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:94fa2f56d060b2ac8a384db29bf073683bef50cd60724e893ee1dcb945424517_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:58739fdf7b671103fddd089db340747090d46018435d2f6519fb00436f08684f_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:841e1897e543548f5494c9495463514d4286697a760326b67c11958933a7ac70_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:d1a3996d3879700be89bad37bb688f5016078a11dbdda894932115da370508ee_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:e78a27a6a17ad3f2bd5771ada6ac2357156cd351dc3e976d0495fcdc38a4d891_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:9aca25cbc3ab1ba653d3b427df28f2b5ec1c4c041892e5e7ebd817be0ac56017_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0fd2089ab716a8733ccdaa909eb7d8663c69de0c87cfc6551ca5a7b93c295a7b_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:815f222ec62bad59caede1682990af6367fcc4354013b5da96a7b67dd311a4b9_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a12c6e4a54dfe009700be799c8036a09a8845bc84dea533c024ffac0a65dc491_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:e2c38ca7fa1257940589d6eace9ad5d95c6dbaccf36ae04ce296d0350258e0a0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41602"
},
{
"category": "external",
"summary": "RHBZ#2463407",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463407"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41602",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41602"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41602",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41602"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/6",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/6"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:19:06.646000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-07T16:23:20+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:bea6c0fb2bead67356a76060901018b90c2cda12e5ef0ffca8993e16b761ab41_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:cf73a80390a85a34b6b95a097a3e00c0ac5ed1e6e0bd396c1f55233b59de70ef_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:d21b8336c12507aabdb03ecee43d5e93633b202ea880ae6aced0426b40d972f6_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:f6e5c856ec74d0a7e858448960c4d09d2a24ac7bdce7ff18d1981bd23a45d6cb_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:50bd4b1c745b916a8127a071e9d79dbde85268ab19c49ffb431863f9222152f6_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:5e922a6dc5973688e531cb1bcbb7a9a414f260d64be9c0a66701b7c050f8ed65_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:745c62848b8ab43bbcddf75a79b53662e0ac0aff050281c879e01c4c213accc3_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:d7c013a4088c668aacbc00047f00cb1cc0041676f9f8d5a9971ab53fd15d5a69_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:3345dc986a756c37e0636877a17dfa8483d12338e67d522419e85667f65cfa3e_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:5f227627f918d7a8b6328843da37547b54271ea93045b9a5d9ede82348b62d01_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:cb81f87ad3ed182494ec8f8f4d2a0229a28b716ae27f946d221077961534d9cc_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:f9a90f6a24678435a08a9783ac7612629b0702633b9405540b02eb5a6da4c6c9_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:14885"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:20951bbce71da848cf595ae1480a0c46b131b59190fd657774a8932889a8e5da_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:37069c4ac61fc810096df8c25b1d12f95b04da5f11892fb4c6bcd3a3479d3777_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:3bdaf268da97b95f85a09a18e42e2cfe61ee56b0131b6f86ac4a41fac4854650_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:94fa2f56d060b2ac8a384db29bf073683bef50cd60724e893ee1dcb945424517_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:58739fdf7b671103fddd089db340747090d46018435d2f6519fb00436f08684f_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:841e1897e543548f5494c9495463514d4286697a760326b67c11958933a7ac70_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:d1a3996d3879700be89bad37bb688f5016078a11dbdda894932115da370508ee_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:e78a27a6a17ad3f2bd5771ada6ac2357156cd351dc3e976d0495fcdc38a4d891_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:bea6c0fb2bead67356a76060901018b90c2cda12e5ef0ffca8993e16b761ab41_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:cf73a80390a85a34b6b95a097a3e00c0ac5ed1e6e0bd396c1f55233b59de70ef_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:d21b8336c12507aabdb03ecee43d5e93633b202ea880ae6aced0426b40d972f6_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:f6e5c856ec74d0a7e858448960c4d09d2a24ac7bdce7ff18d1981bd23a45d6cb_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:9aca25cbc3ab1ba653d3b427df28f2b5ec1c4c041892e5e7ebd817be0ac56017_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:50bd4b1c745b916a8127a071e9d79dbde85268ab19c49ffb431863f9222152f6_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:5e922a6dc5973688e531cb1bcbb7a9a414f260d64be9c0a66701b7c050f8ed65_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:745c62848b8ab43bbcddf75a79b53662e0ac0aff050281c879e01c4c213accc3_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:d7c013a4088c668aacbc00047f00cb1cc0041676f9f8d5a9971ab53fd15d5a69_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0fd2089ab716a8733ccdaa909eb7d8663c69de0c87cfc6551ca5a7b93c295a7b_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:815f222ec62bad59caede1682990af6367fcc4354013b5da96a7b67dd311a4b9_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a12c6e4a54dfe009700be799c8036a09a8845bc84dea533c024ffac0a65dc491_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:e2c38ca7fa1257940589d6eace9ad5d95c6dbaccf36ae04ce296d0350258e0a0_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:3345dc986a756c37e0636877a17dfa8483d12338e67d522419e85667f65cfa3e_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:5f227627f918d7a8b6328843da37547b54271ea93045b9a5d9ede82348b62d01_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:cb81f87ad3ed182494ec8f8f4d2a0229a28b716ae27f946d221077961534d9cc_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:f9a90f6a24678435a08a9783ac7612629b0702633b9405540b02eb5a6da4c6c9_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/apache/thrift: Apache Thrift: Integer Overflow in TFramedTransport Go implementation"
},
{
"cve": "CVE-2026-41603",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-04-28T10:01:29.782287+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:20951bbce71da848cf595ae1480a0c46b131b59190fd657774a8932889a8e5da_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:37069c4ac61fc810096df8c25b1d12f95b04da5f11892fb4c6bcd3a3479d3777_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:3bdaf268da97b95f85a09a18e42e2cfe61ee56b0131b6f86ac4a41fac4854650_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:94fa2f56d060b2ac8a384db29bf073683bef50cd60724e893ee1dcb945424517_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:58739fdf7b671103fddd089db340747090d46018435d2f6519fb00436f08684f_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:841e1897e543548f5494c9495463514d4286697a760326b67c11958933a7ac70_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:d1a3996d3879700be89bad37bb688f5016078a11dbdda894932115da370508ee_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:e78a27a6a17ad3f2bd5771ada6ac2357156cd351dc3e976d0495fcdc38a4d891_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:9aca25cbc3ab1ba653d3b427df28f2b5ec1c4c041892e5e7ebd817be0ac56017_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0fd2089ab716a8733ccdaa909eb7d8663c69de0c87cfc6551ca5a7b93c295a7b_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:815f222ec62bad59caede1682990af6367fcc4354013b5da96a7b67dd311a4b9_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a12c6e4a54dfe009700be799c8036a09a8845bc84dea533c024ffac0a65dc491_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:e2c38ca7fa1257940589d6eace9ad5d95c6dbaccf36ae04ce296d0350258e0a0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463411"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. This vulnerability involves improper validation of server certificates, where the hostname presented in the certificate does not match the expected hostname. A remote attacker could exploit this to impersonate a legitimate server, potentially intercepting or altering sensitive communications and leading to unauthorized access or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Security Bypass via Improper Certificate Hostname Validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:bea6c0fb2bead67356a76060901018b90c2cda12e5ef0ffca8993e16b761ab41_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:cf73a80390a85a34b6b95a097a3e00c0ac5ed1e6e0bd396c1f55233b59de70ef_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:d21b8336c12507aabdb03ecee43d5e93633b202ea880ae6aced0426b40d972f6_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:f6e5c856ec74d0a7e858448960c4d09d2a24ac7bdce7ff18d1981bd23a45d6cb_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:50bd4b1c745b916a8127a071e9d79dbde85268ab19c49ffb431863f9222152f6_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:5e922a6dc5973688e531cb1bcbb7a9a414f260d64be9c0a66701b7c050f8ed65_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:745c62848b8ab43bbcddf75a79b53662e0ac0aff050281c879e01c4c213accc3_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:d7c013a4088c668aacbc00047f00cb1cc0041676f9f8d5a9971ab53fd15d5a69_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:3345dc986a756c37e0636877a17dfa8483d12338e67d522419e85667f65cfa3e_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:5f227627f918d7a8b6328843da37547b54271ea93045b9a5d9ede82348b62d01_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:cb81f87ad3ed182494ec8f8f4d2a0229a28b716ae27f946d221077961534d9cc_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:f9a90f6a24678435a08a9783ac7612629b0702633b9405540b02eb5a6da4c6c9_s390x"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:20951bbce71da848cf595ae1480a0c46b131b59190fd657774a8932889a8e5da_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:37069c4ac61fc810096df8c25b1d12f95b04da5f11892fb4c6bcd3a3479d3777_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:3bdaf268da97b95f85a09a18e42e2cfe61ee56b0131b6f86ac4a41fac4854650_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:94fa2f56d060b2ac8a384db29bf073683bef50cd60724e893ee1dcb945424517_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:58739fdf7b671103fddd089db340747090d46018435d2f6519fb00436f08684f_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:841e1897e543548f5494c9495463514d4286697a760326b67c11958933a7ac70_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:d1a3996d3879700be89bad37bb688f5016078a11dbdda894932115da370508ee_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:e78a27a6a17ad3f2bd5771ada6ac2357156cd351dc3e976d0495fcdc38a4d891_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:9aca25cbc3ab1ba653d3b427df28f2b5ec1c4c041892e5e7ebd817be0ac56017_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0fd2089ab716a8733ccdaa909eb7d8663c69de0c87cfc6551ca5a7b93c295a7b_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:815f222ec62bad59caede1682990af6367fcc4354013b5da96a7b67dd311a4b9_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a12c6e4a54dfe009700be799c8036a09a8845bc84dea533c024ffac0a65dc491_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:e2c38ca7fa1257940589d6eace9ad5d95c6dbaccf36ae04ce296d0350258e0a0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41603"
},
{
"category": "external",
"summary": "RHBZ#2463411",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463411"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41603",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41603"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41603",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41603"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/7",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/7"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:19:40.564000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-07T16:23:20+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:bea6c0fb2bead67356a76060901018b90c2cda12e5ef0ffca8993e16b761ab41_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:cf73a80390a85a34b6b95a097a3e00c0ac5ed1e6e0bd396c1f55233b59de70ef_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:d21b8336c12507aabdb03ecee43d5e93633b202ea880ae6aced0426b40d972f6_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:f6e5c856ec74d0a7e858448960c4d09d2a24ac7bdce7ff18d1981bd23a45d6cb_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:50bd4b1c745b916a8127a071e9d79dbde85268ab19c49ffb431863f9222152f6_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:5e922a6dc5973688e531cb1bcbb7a9a414f260d64be9c0a66701b7c050f8ed65_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:745c62848b8ab43bbcddf75a79b53662e0ac0aff050281c879e01c4c213accc3_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:d7c013a4088c668aacbc00047f00cb1cc0041676f9f8d5a9971ab53fd15d5a69_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:3345dc986a756c37e0636877a17dfa8483d12338e67d522419e85667f65cfa3e_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:5f227627f918d7a8b6328843da37547b54271ea93045b9a5d9ede82348b62d01_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:cb81f87ad3ed182494ec8f8f4d2a0229a28b716ae27f946d221077961534d9cc_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:f9a90f6a24678435a08a9783ac7612629b0702633b9405540b02eb5a6da4c6c9_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:14885"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:20951bbce71da848cf595ae1480a0c46b131b59190fd657774a8932889a8e5da_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:37069c4ac61fc810096df8c25b1d12f95b04da5f11892fb4c6bcd3a3479d3777_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:3bdaf268da97b95f85a09a18e42e2cfe61ee56b0131b6f86ac4a41fac4854650_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:94fa2f56d060b2ac8a384db29bf073683bef50cd60724e893ee1dcb945424517_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:58739fdf7b671103fddd089db340747090d46018435d2f6519fb00436f08684f_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:841e1897e543548f5494c9495463514d4286697a760326b67c11958933a7ac70_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:d1a3996d3879700be89bad37bb688f5016078a11dbdda894932115da370508ee_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:e78a27a6a17ad3f2bd5771ada6ac2357156cd351dc3e976d0495fcdc38a4d891_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:bea6c0fb2bead67356a76060901018b90c2cda12e5ef0ffca8993e16b761ab41_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:cf73a80390a85a34b6b95a097a3e00c0ac5ed1e6e0bd396c1f55233b59de70ef_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:d21b8336c12507aabdb03ecee43d5e93633b202ea880ae6aced0426b40d972f6_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:f6e5c856ec74d0a7e858448960c4d09d2a24ac7bdce7ff18d1981bd23a45d6cb_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:9aca25cbc3ab1ba653d3b427df28f2b5ec1c4c041892e5e7ebd817be0ac56017_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:50bd4b1c745b916a8127a071e9d79dbde85268ab19c49ffb431863f9222152f6_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:5e922a6dc5973688e531cb1bcbb7a9a414f260d64be9c0a66701b7c050f8ed65_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:745c62848b8ab43bbcddf75a79b53662e0ac0aff050281c879e01c4c213accc3_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:d7c013a4088c668aacbc00047f00cb1cc0041676f9f8d5a9971ab53fd15d5a69_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0fd2089ab716a8733ccdaa909eb7d8663c69de0c87cfc6551ca5a7b93c295a7b_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:815f222ec62bad59caede1682990af6367fcc4354013b5da96a7b67dd311a4b9_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a12c6e4a54dfe009700be799c8036a09a8845bc84dea533c024ffac0a65dc491_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:e2c38ca7fa1257940589d6eace9ad5d95c6dbaccf36ae04ce296d0350258e0a0_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:3345dc986a756c37e0636877a17dfa8483d12338e67d522419e85667f65cfa3e_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:5f227627f918d7a8b6328843da37547b54271ea93045b9a5d9ede82348b62d01_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:cb81f87ad3ed182494ec8f8f4d2a0229a28b716ae27f946d221077961534d9cc_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:f9a90f6a24678435a08a9783ac7612629b0702633b9405540b02eb5a6da4c6c9_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Security Bypass via Improper Certificate Hostname Validation"
},
{
"cve": "CVE-2026-41604",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-04-28T10:01:47.903741+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:20951bbce71da848cf595ae1480a0c46b131b59190fd657774a8932889a8e5da_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:37069c4ac61fc810096df8c25b1d12f95b04da5f11892fb4c6bcd3a3479d3777_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:3bdaf268da97b95f85a09a18e42e2cfe61ee56b0131b6f86ac4a41fac4854650_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:94fa2f56d060b2ac8a384db29bf073683bef50cd60724e893ee1dcb945424517_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:58739fdf7b671103fddd089db340747090d46018435d2f6519fb00436f08684f_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:841e1897e543548f5494c9495463514d4286697a760326b67c11958933a7ac70_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:d1a3996d3879700be89bad37bb688f5016078a11dbdda894932115da370508ee_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:e78a27a6a17ad3f2bd5771ada6ac2357156cd351dc3e976d0495fcdc38a4d891_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:9aca25cbc3ab1ba653d3b427df28f2b5ec1c4c041892e5e7ebd817be0ac56017_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0fd2089ab716a8733ccdaa909eb7d8663c69de0c87cfc6551ca5a7b93c295a7b_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:815f222ec62bad59caede1682990af6367fcc4354013b5da96a7b67dd311a4b9_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a12c6e4a54dfe009700be799c8036a09a8845bc84dea533c024ffac0a65dc491_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:e2c38ca7fa1257940589d6eace9ad5d95c6dbaccf36ae04ce296d0350258e0a0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463416"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. This out-of-bounds read vulnerability could allow an attacker to access memory outside of allocated bounds. This could lead to information disclosure or potentially a denial of service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Out-of-bounds Read vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:bea6c0fb2bead67356a76060901018b90c2cda12e5ef0ffca8993e16b761ab41_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:cf73a80390a85a34b6b95a097a3e00c0ac5ed1e6e0bd396c1f55233b59de70ef_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:d21b8336c12507aabdb03ecee43d5e93633b202ea880ae6aced0426b40d972f6_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:f6e5c856ec74d0a7e858448960c4d09d2a24ac7bdce7ff18d1981bd23a45d6cb_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:50bd4b1c745b916a8127a071e9d79dbde85268ab19c49ffb431863f9222152f6_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:5e922a6dc5973688e531cb1bcbb7a9a414f260d64be9c0a66701b7c050f8ed65_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:745c62848b8ab43bbcddf75a79b53662e0ac0aff050281c879e01c4c213accc3_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:d7c013a4088c668aacbc00047f00cb1cc0041676f9f8d5a9971ab53fd15d5a69_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:3345dc986a756c37e0636877a17dfa8483d12338e67d522419e85667f65cfa3e_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:5f227627f918d7a8b6328843da37547b54271ea93045b9a5d9ede82348b62d01_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:cb81f87ad3ed182494ec8f8f4d2a0229a28b716ae27f946d221077961534d9cc_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:f9a90f6a24678435a08a9783ac7612629b0702633b9405540b02eb5a6da4c6c9_s390x"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:20951bbce71da848cf595ae1480a0c46b131b59190fd657774a8932889a8e5da_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:37069c4ac61fc810096df8c25b1d12f95b04da5f11892fb4c6bcd3a3479d3777_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:3bdaf268da97b95f85a09a18e42e2cfe61ee56b0131b6f86ac4a41fac4854650_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:94fa2f56d060b2ac8a384db29bf073683bef50cd60724e893ee1dcb945424517_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:58739fdf7b671103fddd089db340747090d46018435d2f6519fb00436f08684f_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:841e1897e543548f5494c9495463514d4286697a760326b67c11958933a7ac70_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:d1a3996d3879700be89bad37bb688f5016078a11dbdda894932115da370508ee_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:e78a27a6a17ad3f2bd5771ada6ac2357156cd351dc3e976d0495fcdc38a4d891_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:9aca25cbc3ab1ba653d3b427df28f2b5ec1c4c041892e5e7ebd817be0ac56017_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0fd2089ab716a8733ccdaa909eb7d8663c69de0c87cfc6551ca5a7b93c295a7b_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:815f222ec62bad59caede1682990af6367fcc4354013b5da96a7b67dd311a4b9_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a12c6e4a54dfe009700be799c8036a09a8845bc84dea533c024ffac0a65dc491_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:e2c38ca7fa1257940589d6eace9ad5d95c6dbaccf36ae04ce296d0350258e0a0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41604"
},
{
"category": "external",
"summary": "RHBZ#2463416",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463416"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41604",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41604"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41604",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41604"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/5",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/5"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:20:13.996000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-07T16:23:20+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:bea6c0fb2bead67356a76060901018b90c2cda12e5ef0ffca8993e16b761ab41_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:cf73a80390a85a34b6b95a097a3e00c0ac5ed1e6e0bd396c1f55233b59de70ef_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:d21b8336c12507aabdb03ecee43d5e93633b202ea880ae6aced0426b40d972f6_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:f6e5c856ec74d0a7e858448960c4d09d2a24ac7bdce7ff18d1981bd23a45d6cb_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:50bd4b1c745b916a8127a071e9d79dbde85268ab19c49ffb431863f9222152f6_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:5e922a6dc5973688e531cb1bcbb7a9a414f260d64be9c0a66701b7c050f8ed65_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:745c62848b8ab43bbcddf75a79b53662e0ac0aff050281c879e01c4c213accc3_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:d7c013a4088c668aacbc00047f00cb1cc0041676f9f8d5a9971ab53fd15d5a69_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:3345dc986a756c37e0636877a17dfa8483d12338e67d522419e85667f65cfa3e_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:5f227627f918d7a8b6328843da37547b54271ea93045b9a5d9ede82348b62d01_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:cb81f87ad3ed182494ec8f8f4d2a0229a28b716ae27f946d221077961534d9cc_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:f9a90f6a24678435a08a9783ac7612629b0702633b9405540b02eb5a6da4c6c9_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:14885"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:20951bbce71da848cf595ae1480a0c46b131b59190fd657774a8932889a8e5da_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:37069c4ac61fc810096df8c25b1d12f95b04da5f11892fb4c6bcd3a3479d3777_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:3bdaf268da97b95f85a09a18e42e2cfe61ee56b0131b6f86ac4a41fac4854650_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:94fa2f56d060b2ac8a384db29bf073683bef50cd60724e893ee1dcb945424517_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:58739fdf7b671103fddd089db340747090d46018435d2f6519fb00436f08684f_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:841e1897e543548f5494c9495463514d4286697a760326b67c11958933a7ac70_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:d1a3996d3879700be89bad37bb688f5016078a11dbdda894932115da370508ee_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:e78a27a6a17ad3f2bd5771ada6ac2357156cd351dc3e976d0495fcdc38a4d891_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:bea6c0fb2bead67356a76060901018b90c2cda12e5ef0ffca8993e16b761ab41_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:cf73a80390a85a34b6b95a097a3e00c0ac5ed1e6e0bd396c1f55233b59de70ef_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:d21b8336c12507aabdb03ecee43d5e93633b202ea880ae6aced0426b40d972f6_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:f6e5c856ec74d0a7e858448960c4d09d2a24ac7bdce7ff18d1981bd23a45d6cb_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:9aca25cbc3ab1ba653d3b427df28f2b5ec1c4c041892e5e7ebd817be0ac56017_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:50bd4b1c745b916a8127a071e9d79dbde85268ab19c49ffb431863f9222152f6_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:5e922a6dc5973688e531cb1bcbb7a9a414f260d64be9c0a66701b7c050f8ed65_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:745c62848b8ab43bbcddf75a79b53662e0ac0aff050281c879e01c4c213accc3_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:d7c013a4088c668aacbc00047f00cb1cc0041676f9f8d5a9971ab53fd15d5a69_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0fd2089ab716a8733ccdaa909eb7d8663c69de0c87cfc6551ca5a7b93c295a7b_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:815f222ec62bad59caede1682990af6367fcc4354013b5da96a7b67dd311a4b9_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a12c6e4a54dfe009700be799c8036a09a8845bc84dea533c024ffac0a65dc491_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:e2c38ca7fa1257940589d6eace9ad5d95c6dbaccf36ae04ce296d0350258e0a0_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:3345dc986a756c37e0636877a17dfa8483d12338e67d522419e85667f65cfa3e_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:5f227627f918d7a8b6328843da37547b54271ea93045b9a5d9ede82348b62d01_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:cb81f87ad3ed182494ec8f8f4d2a0229a28b716ae27f946d221077961534d9cc_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:f9a90f6a24678435a08a9783ac7612629b0702633b9405540b02eb5a6da4c6c9_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Out-of-bounds Read vulnerability"
},
{
"cve": "CVE-2026-41605",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-04-28T10:01:54.269412+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:20951bbce71da848cf595ae1480a0c46b131b59190fd657774a8932889a8e5da_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:37069c4ac61fc810096df8c25b1d12f95b04da5f11892fb4c6bcd3a3479d3777_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:3bdaf268da97b95f85a09a18e42e2cfe61ee56b0131b6f86ac4a41fac4854650_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:94fa2f56d060b2ac8a384db29bf073683bef50cd60724e893ee1dcb945424517_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:58739fdf7b671103fddd089db340747090d46018435d2f6519fb00436f08684f_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:841e1897e543548f5494c9495463514d4286697a760326b67c11958933a7ac70_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:d1a3996d3879700be89bad37bb688f5016078a11dbdda894932115da370508ee_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:e78a27a6a17ad3f2bd5771ada6ac2357156cd351dc3e976d0495fcdc38a4d891_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:9aca25cbc3ab1ba653d3b427df28f2b5ec1c4c041892e5e7ebd817be0ac56017_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0fd2089ab716a8733ccdaa909eb7d8663c69de0c87cfc6551ca5a7b93c295a7b_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:815f222ec62bad59caede1682990af6367fcc4354013b5da96a7b67dd311a4b9_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a12c6e4a54dfe009700be799c8036a09a8845bc84dea533c024ffac0a65dc491_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:e2c38ca7fa1257940589d6eace9ad5d95c6dbaccf36ae04ce296d0350258e0a0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463418"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. This integer overflow or wraparound vulnerability could potentially lead to unexpected behavior or resource exhaustion, which may impact the availability or integrity of the system. The exact consequences depend on how the overflow is triggered and handled within the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: Apache Thrift: Integer Overflow or Wraparound Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:bea6c0fb2bead67356a76060901018b90c2cda12e5ef0ffca8993e16b761ab41_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:cf73a80390a85a34b6b95a097a3e00c0ac5ed1e6e0bd396c1f55233b59de70ef_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:d21b8336c12507aabdb03ecee43d5e93633b202ea880ae6aced0426b40d972f6_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:f6e5c856ec74d0a7e858448960c4d09d2a24ac7bdce7ff18d1981bd23a45d6cb_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:50bd4b1c745b916a8127a071e9d79dbde85268ab19c49ffb431863f9222152f6_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:5e922a6dc5973688e531cb1bcbb7a9a414f260d64be9c0a66701b7c050f8ed65_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:745c62848b8ab43bbcddf75a79b53662e0ac0aff050281c879e01c4c213accc3_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:d7c013a4088c668aacbc00047f00cb1cc0041676f9f8d5a9971ab53fd15d5a69_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:3345dc986a756c37e0636877a17dfa8483d12338e67d522419e85667f65cfa3e_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:5f227627f918d7a8b6328843da37547b54271ea93045b9a5d9ede82348b62d01_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:cb81f87ad3ed182494ec8f8f4d2a0229a28b716ae27f946d221077961534d9cc_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:f9a90f6a24678435a08a9783ac7612629b0702633b9405540b02eb5a6da4c6c9_s390x"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:20951bbce71da848cf595ae1480a0c46b131b59190fd657774a8932889a8e5da_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:37069c4ac61fc810096df8c25b1d12f95b04da5f11892fb4c6bcd3a3479d3777_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:3bdaf268da97b95f85a09a18e42e2cfe61ee56b0131b6f86ac4a41fac4854650_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:94fa2f56d060b2ac8a384db29bf073683bef50cd60724e893ee1dcb945424517_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:58739fdf7b671103fddd089db340747090d46018435d2f6519fb00436f08684f_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:841e1897e543548f5494c9495463514d4286697a760326b67c11958933a7ac70_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:d1a3996d3879700be89bad37bb688f5016078a11dbdda894932115da370508ee_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:e78a27a6a17ad3f2bd5771ada6ac2357156cd351dc3e976d0495fcdc38a4d891_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:9aca25cbc3ab1ba653d3b427df28f2b5ec1c4c041892e5e7ebd817be0ac56017_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0fd2089ab716a8733ccdaa909eb7d8663c69de0c87cfc6551ca5a7b93c295a7b_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:815f222ec62bad59caede1682990af6367fcc4354013b5da96a7b67dd311a4b9_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a12c6e4a54dfe009700be799c8036a09a8845bc84dea533c024ffac0a65dc491_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:e2c38ca7fa1257940589d6eace9ad5d95c6dbaccf36ae04ce296d0350258e0a0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41605"
},
{
"category": "external",
"summary": "RHBZ#2463418",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463418"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41605",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41605"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41605",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41605"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/4",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/4"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:20:44.319000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-07T16:23:20+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:bea6c0fb2bead67356a76060901018b90c2cda12e5ef0ffca8993e16b761ab41_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:cf73a80390a85a34b6b95a097a3e00c0ac5ed1e6e0bd396c1f55233b59de70ef_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:d21b8336c12507aabdb03ecee43d5e93633b202ea880ae6aced0426b40d972f6_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:f6e5c856ec74d0a7e858448960c4d09d2a24ac7bdce7ff18d1981bd23a45d6cb_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:50bd4b1c745b916a8127a071e9d79dbde85268ab19c49ffb431863f9222152f6_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:5e922a6dc5973688e531cb1bcbb7a9a414f260d64be9c0a66701b7c050f8ed65_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:745c62848b8ab43bbcddf75a79b53662e0ac0aff050281c879e01c4c213accc3_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:d7c013a4088c668aacbc00047f00cb1cc0041676f9f8d5a9971ab53fd15d5a69_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:3345dc986a756c37e0636877a17dfa8483d12338e67d522419e85667f65cfa3e_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:5f227627f918d7a8b6328843da37547b54271ea93045b9a5d9ede82348b62d01_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:cb81f87ad3ed182494ec8f8f4d2a0229a28b716ae27f946d221077961534d9cc_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:f9a90f6a24678435a08a9783ac7612629b0702633b9405540b02eb5a6da4c6c9_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:14885"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:20951bbce71da848cf595ae1480a0c46b131b59190fd657774a8932889a8e5da_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:37069c4ac61fc810096df8c25b1d12f95b04da5f11892fb4c6bcd3a3479d3777_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:3bdaf268da97b95f85a09a18e42e2cfe61ee56b0131b6f86ac4a41fac4854650_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:94fa2f56d060b2ac8a384db29bf073683bef50cd60724e893ee1dcb945424517_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:58739fdf7b671103fddd089db340747090d46018435d2f6519fb00436f08684f_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:841e1897e543548f5494c9495463514d4286697a760326b67c11958933a7ac70_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:d1a3996d3879700be89bad37bb688f5016078a11dbdda894932115da370508ee_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:e78a27a6a17ad3f2bd5771ada6ac2357156cd351dc3e976d0495fcdc38a4d891_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:bea6c0fb2bead67356a76060901018b90c2cda12e5ef0ffca8993e16b761ab41_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:cf73a80390a85a34b6b95a097a3e00c0ac5ed1e6e0bd396c1f55233b59de70ef_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:d21b8336c12507aabdb03ecee43d5e93633b202ea880ae6aced0426b40d972f6_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:f6e5c856ec74d0a7e858448960c4d09d2a24ac7bdce7ff18d1981bd23a45d6cb_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:9aca25cbc3ab1ba653d3b427df28f2b5ec1c4c041892e5e7ebd817be0ac56017_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:50bd4b1c745b916a8127a071e9d79dbde85268ab19c49ffb431863f9222152f6_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:5e922a6dc5973688e531cb1bcbb7a9a414f260d64be9c0a66701b7c050f8ed65_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:745c62848b8ab43bbcddf75a79b53662e0ac0aff050281c879e01c4c213accc3_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:d7c013a4088c668aacbc00047f00cb1cc0041676f9f8d5a9971ab53fd15d5a69_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0fd2089ab716a8733ccdaa909eb7d8663c69de0c87cfc6551ca5a7b93c295a7b_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:815f222ec62bad59caede1682990af6367fcc4354013b5da96a7b67dd311a4b9_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a12c6e4a54dfe009700be799c8036a09a8845bc84dea533c024ffac0a65dc491_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:e2c38ca7fa1257940589d6eace9ad5d95c6dbaccf36ae04ce296d0350258e0a0_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:3345dc986a756c37e0636877a17dfa8483d12338e67d522419e85667f65cfa3e_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:5f227627f918d7a8b6328843da37547b54271ea93045b9a5d9ede82348b62d01_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:cb81f87ad3ed182494ec8f8f4d2a0229a28b716ae27f946d221077961534d9cc_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:f9a90f6a24678435a08a9783ac7612629b0702633b9405540b02eb5a6da4c6c9_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: Apache Thrift: Integer Overflow or Wraparound Vulnerability"
},
{
"cve": "CVE-2026-41606",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-04-28T10:01:19.136351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:20951bbce71da848cf595ae1480a0c46b131b59190fd657774a8932889a8e5da_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:37069c4ac61fc810096df8c25b1d12f95b04da5f11892fb4c6bcd3a3479d3777_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:3bdaf268da97b95f85a09a18e42e2cfe61ee56b0131b6f86ac4a41fac4854650_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:94fa2f56d060b2ac8a384db29bf073683bef50cd60724e893ee1dcb945424517_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:58739fdf7b671103fddd089db340747090d46018435d2f6519fb00436f08684f_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:841e1897e543548f5494c9495463514d4286697a760326b67c11958933a7ac70_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:d1a3996d3879700be89bad37bb688f5016078a11dbdda894932115da370508ee_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:e78a27a6a17ad3f2bd5771ada6ac2357156cd351dc3e976d0495fcdc38a4d891_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:9aca25cbc3ab1ba653d3b427df28f2b5ec1c4c041892e5e7ebd817be0ac56017_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0fd2089ab716a8733ccdaa909eb7d8663c69de0c87cfc6551ca5a7b93c295a7b_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:815f222ec62bad59caede1682990af6367fcc4354013b5da96a7b67dd311a4b9_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a12c6e4a54dfe009700be799c8036a09a8845bc84dea533c024ffac0a65dc491_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:e2c38ca7fa1257940589d6eace9ad5d95c6dbaccf36ae04ce296d0350258e0a0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463408"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. An uncontrolled recursion vulnerability exists, which could allow a remote attacker to trigger a Denial of Service (DoS) condition. This occurs when the affected component processes specially crafted input, leading to excessive resource consumption and system unavailability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: Apache Thrift: Denial of Service via uncontrolled recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:bea6c0fb2bead67356a76060901018b90c2cda12e5ef0ffca8993e16b761ab41_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:cf73a80390a85a34b6b95a097a3e00c0ac5ed1e6e0bd396c1f55233b59de70ef_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:d21b8336c12507aabdb03ecee43d5e93633b202ea880ae6aced0426b40d972f6_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:f6e5c856ec74d0a7e858448960c4d09d2a24ac7bdce7ff18d1981bd23a45d6cb_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:50bd4b1c745b916a8127a071e9d79dbde85268ab19c49ffb431863f9222152f6_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:5e922a6dc5973688e531cb1bcbb7a9a414f260d64be9c0a66701b7c050f8ed65_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:745c62848b8ab43bbcddf75a79b53662e0ac0aff050281c879e01c4c213accc3_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:d7c013a4088c668aacbc00047f00cb1cc0041676f9f8d5a9971ab53fd15d5a69_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:3345dc986a756c37e0636877a17dfa8483d12338e67d522419e85667f65cfa3e_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:5f227627f918d7a8b6328843da37547b54271ea93045b9a5d9ede82348b62d01_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:cb81f87ad3ed182494ec8f8f4d2a0229a28b716ae27f946d221077961534d9cc_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:f9a90f6a24678435a08a9783ac7612629b0702633b9405540b02eb5a6da4c6c9_s390x"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:20951bbce71da848cf595ae1480a0c46b131b59190fd657774a8932889a8e5da_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:37069c4ac61fc810096df8c25b1d12f95b04da5f11892fb4c6bcd3a3479d3777_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:3bdaf268da97b95f85a09a18e42e2cfe61ee56b0131b6f86ac4a41fac4854650_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:94fa2f56d060b2ac8a384db29bf073683bef50cd60724e893ee1dcb945424517_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:58739fdf7b671103fddd089db340747090d46018435d2f6519fb00436f08684f_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:841e1897e543548f5494c9495463514d4286697a760326b67c11958933a7ac70_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:d1a3996d3879700be89bad37bb688f5016078a11dbdda894932115da370508ee_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:e78a27a6a17ad3f2bd5771ada6ac2357156cd351dc3e976d0495fcdc38a4d891_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:9aca25cbc3ab1ba653d3b427df28f2b5ec1c4c041892e5e7ebd817be0ac56017_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0fd2089ab716a8733ccdaa909eb7d8663c69de0c87cfc6551ca5a7b93c295a7b_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:815f222ec62bad59caede1682990af6367fcc4354013b5da96a7b67dd311a4b9_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a12c6e4a54dfe009700be799c8036a09a8845bc84dea533c024ffac0a65dc491_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:e2c38ca7fa1257940589d6eace9ad5d95c6dbaccf36ae04ce296d0350258e0a0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41606"
},
{
"category": "external",
"summary": "RHBZ#2463408",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463408"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41606",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41606"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41606",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41606"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/3",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/3"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:21:12.815000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-07T16:23:20+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:bea6c0fb2bead67356a76060901018b90c2cda12e5ef0ffca8993e16b761ab41_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:cf73a80390a85a34b6b95a097a3e00c0ac5ed1e6e0bd396c1f55233b59de70ef_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:d21b8336c12507aabdb03ecee43d5e93633b202ea880ae6aced0426b40d972f6_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:f6e5c856ec74d0a7e858448960c4d09d2a24ac7bdce7ff18d1981bd23a45d6cb_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:50bd4b1c745b916a8127a071e9d79dbde85268ab19c49ffb431863f9222152f6_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:5e922a6dc5973688e531cb1bcbb7a9a414f260d64be9c0a66701b7c050f8ed65_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:745c62848b8ab43bbcddf75a79b53662e0ac0aff050281c879e01c4c213accc3_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:d7c013a4088c668aacbc00047f00cb1cc0041676f9f8d5a9971ab53fd15d5a69_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:3345dc986a756c37e0636877a17dfa8483d12338e67d522419e85667f65cfa3e_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:5f227627f918d7a8b6328843da37547b54271ea93045b9a5d9ede82348b62d01_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:cb81f87ad3ed182494ec8f8f4d2a0229a28b716ae27f946d221077961534d9cc_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:f9a90f6a24678435a08a9783ac7612629b0702633b9405540b02eb5a6da4c6c9_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:14885"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:20951bbce71da848cf595ae1480a0c46b131b59190fd657774a8932889a8e5da_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:37069c4ac61fc810096df8c25b1d12f95b04da5f11892fb4c6bcd3a3479d3777_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:3bdaf268da97b95f85a09a18e42e2cfe61ee56b0131b6f86ac4a41fac4854650_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:94fa2f56d060b2ac8a384db29bf073683bef50cd60724e893ee1dcb945424517_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:58739fdf7b671103fddd089db340747090d46018435d2f6519fb00436f08684f_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:841e1897e543548f5494c9495463514d4286697a760326b67c11958933a7ac70_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:d1a3996d3879700be89bad37bb688f5016078a11dbdda894932115da370508ee_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:e78a27a6a17ad3f2bd5771ada6ac2357156cd351dc3e976d0495fcdc38a4d891_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:bea6c0fb2bead67356a76060901018b90c2cda12e5ef0ffca8993e16b761ab41_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:cf73a80390a85a34b6b95a097a3e00c0ac5ed1e6e0bd396c1f55233b59de70ef_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:d21b8336c12507aabdb03ecee43d5e93633b202ea880ae6aced0426b40d972f6_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:f6e5c856ec74d0a7e858448960c4d09d2a24ac7bdce7ff18d1981bd23a45d6cb_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:9aca25cbc3ab1ba653d3b427df28f2b5ec1c4c041892e5e7ebd817be0ac56017_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:50bd4b1c745b916a8127a071e9d79dbde85268ab19c49ffb431863f9222152f6_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:5e922a6dc5973688e531cb1bcbb7a9a414f260d64be9c0a66701b7c050f8ed65_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:745c62848b8ab43bbcddf75a79b53662e0ac0aff050281c879e01c4c213accc3_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:d7c013a4088c668aacbc00047f00cb1cc0041676f9f8d5a9971ab53fd15d5a69_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0fd2089ab716a8733ccdaa909eb7d8663c69de0c87cfc6551ca5a7b93c295a7b_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:815f222ec62bad59caede1682990af6367fcc4354013b5da96a7b67dd311a4b9_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a12c6e4a54dfe009700be799c8036a09a8845bc84dea533c024ffac0a65dc491_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:e2c38ca7fa1257940589d6eace9ad5d95c6dbaccf36ae04ce296d0350258e0a0_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:3345dc986a756c37e0636877a17dfa8483d12338e67d522419e85667f65cfa3e_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:5f227627f918d7a8b6328843da37547b54271ea93045b9a5d9ede82348b62d01_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:cb81f87ad3ed182494ec8f8f4d2a0229a28b716ae27f946d221077961534d9cc_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:f9a90f6a24678435a08a9783ac7612629b0702633b9405540b02eb5a6da4c6c9_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: Apache Thrift: Denial of Service via uncontrolled recursion"
},
{
"cve": "CVE-2026-41607",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-04-28T10:01:33.022623+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:20951bbce71da848cf595ae1480a0c46b131b59190fd657774a8932889a8e5da_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:37069c4ac61fc810096df8c25b1d12f95b04da5f11892fb4c6bcd3a3479d3777_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:3bdaf268da97b95f85a09a18e42e2cfe61ee56b0131b6f86ac4a41fac4854650_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:94fa2f56d060b2ac8a384db29bf073683bef50cd60724e893ee1dcb945424517_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:58739fdf7b671103fddd089db340747090d46018435d2f6519fb00436f08684f_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:841e1897e543548f5494c9495463514d4286697a760326b67c11958933a7ac70_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:d1a3996d3879700be89bad37bb688f5016078a11dbdda894932115da370508ee_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:e78a27a6a17ad3f2bd5771ada6ac2357156cd351dc3e976d0495fcdc38a4d891_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:9aca25cbc3ab1ba653d3b427df28f2b5ec1c4c041892e5e7ebd817be0ac56017_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0fd2089ab716a8733ccdaa909eb7d8663c69de0c87cfc6551ca5a7b93c295a7b_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:815f222ec62bad59caede1682990af6367fcc4354013b5da96a7b67dd311a4b9_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a12c6e4a54dfe009700be799c8036a09a8845bc84dea533c024ffac0a65dc491_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:e2c38ca7fa1257940589d6eace9ad5d95c6dbaccf36ae04ce296d0350258e0a0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463412"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. This out-of-bounds read vulnerability can lead to the disclosure of sensitive information or a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Out-of-bounds Read vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:bea6c0fb2bead67356a76060901018b90c2cda12e5ef0ffca8993e16b761ab41_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:cf73a80390a85a34b6b95a097a3e00c0ac5ed1e6e0bd396c1f55233b59de70ef_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:d21b8336c12507aabdb03ecee43d5e93633b202ea880ae6aced0426b40d972f6_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:f6e5c856ec74d0a7e858448960c4d09d2a24ac7bdce7ff18d1981bd23a45d6cb_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:50bd4b1c745b916a8127a071e9d79dbde85268ab19c49ffb431863f9222152f6_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:5e922a6dc5973688e531cb1bcbb7a9a414f260d64be9c0a66701b7c050f8ed65_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:745c62848b8ab43bbcddf75a79b53662e0ac0aff050281c879e01c4c213accc3_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:d7c013a4088c668aacbc00047f00cb1cc0041676f9f8d5a9971ab53fd15d5a69_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:3345dc986a756c37e0636877a17dfa8483d12338e67d522419e85667f65cfa3e_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:5f227627f918d7a8b6328843da37547b54271ea93045b9a5d9ede82348b62d01_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:cb81f87ad3ed182494ec8f8f4d2a0229a28b716ae27f946d221077961534d9cc_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:f9a90f6a24678435a08a9783ac7612629b0702633b9405540b02eb5a6da4c6c9_s390x"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:20951bbce71da848cf595ae1480a0c46b131b59190fd657774a8932889a8e5da_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:37069c4ac61fc810096df8c25b1d12f95b04da5f11892fb4c6bcd3a3479d3777_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:3bdaf268da97b95f85a09a18e42e2cfe61ee56b0131b6f86ac4a41fac4854650_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:94fa2f56d060b2ac8a384db29bf073683bef50cd60724e893ee1dcb945424517_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:58739fdf7b671103fddd089db340747090d46018435d2f6519fb00436f08684f_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:841e1897e543548f5494c9495463514d4286697a760326b67c11958933a7ac70_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:d1a3996d3879700be89bad37bb688f5016078a11dbdda894932115da370508ee_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:e78a27a6a17ad3f2bd5771ada6ac2357156cd351dc3e976d0495fcdc38a4d891_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:9aca25cbc3ab1ba653d3b427df28f2b5ec1c4c041892e5e7ebd817be0ac56017_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0fd2089ab716a8733ccdaa909eb7d8663c69de0c87cfc6551ca5a7b93c295a7b_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:815f222ec62bad59caede1682990af6367fcc4354013b5da96a7b67dd311a4b9_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a12c6e4a54dfe009700be799c8036a09a8845bc84dea533c024ffac0a65dc491_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:e2c38ca7fa1257940589d6eace9ad5d95c6dbaccf36ae04ce296d0350258e0a0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41607"
},
{
"category": "external",
"summary": "RHBZ#2463412",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463412"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41607",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41607"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41607",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41607"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/2",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/2"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:21:48.502000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-07T16:23:20+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:bea6c0fb2bead67356a76060901018b90c2cda12e5ef0ffca8993e16b761ab41_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:cf73a80390a85a34b6b95a097a3e00c0ac5ed1e6e0bd396c1f55233b59de70ef_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:d21b8336c12507aabdb03ecee43d5e93633b202ea880ae6aced0426b40d972f6_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:f6e5c856ec74d0a7e858448960c4d09d2a24ac7bdce7ff18d1981bd23a45d6cb_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:50bd4b1c745b916a8127a071e9d79dbde85268ab19c49ffb431863f9222152f6_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:5e922a6dc5973688e531cb1bcbb7a9a414f260d64be9c0a66701b7c050f8ed65_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:745c62848b8ab43bbcddf75a79b53662e0ac0aff050281c879e01c4c213accc3_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:d7c013a4088c668aacbc00047f00cb1cc0041676f9f8d5a9971ab53fd15d5a69_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:3345dc986a756c37e0636877a17dfa8483d12338e67d522419e85667f65cfa3e_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:5f227627f918d7a8b6328843da37547b54271ea93045b9a5d9ede82348b62d01_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:cb81f87ad3ed182494ec8f8f4d2a0229a28b716ae27f946d221077961534d9cc_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:f9a90f6a24678435a08a9783ac7612629b0702633b9405540b02eb5a6da4c6c9_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:14885"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:20951bbce71da848cf595ae1480a0c46b131b59190fd657774a8932889a8e5da_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:37069c4ac61fc810096df8c25b1d12f95b04da5f11892fb4c6bcd3a3479d3777_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:3bdaf268da97b95f85a09a18e42e2cfe61ee56b0131b6f86ac4a41fac4854650_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:94fa2f56d060b2ac8a384db29bf073683bef50cd60724e893ee1dcb945424517_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:58739fdf7b671103fddd089db340747090d46018435d2f6519fb00436f08684f_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:841e1897e543548f5494c9495463514d4286697a760326b67c11958933a7ac70_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:d1a3996d3879700be89bad37bb688f5016078a11dbdda894932115da370508ee_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:e78a27a6a17ad3f2bd5771ada6ac2357156cd351dc3e976d0495fcdc38a4d891_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:bea6c0fb2bead67356a76060901018b90c2cda12e5ef0ffca8993e16b761ab41_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:cf73a80390a85a34b6b95a097a3e00c0ac5ed1e6e0bd396c1f55233b59de70ef_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:d21b8336c12507aabdb03ecee43d5e93633b202ea880ae6aced0426b40d972f6_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:f6e5c856ec74d0a7e858448960c4d09d2a24ac7bdce7ff18d1981bd23a45d6cb_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:9aca25cbc3ab1ba653d3b427df28f2b5ec1c4c041892e5e7ebd817be0ac56017_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:50bd4b1c745b916a8127a071e9d79dbde85268ab19c49ffb431863f9222152f6_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:5e922a6dc5973688e531cb1bcbb7a9a414f260d64be9c0a66701b7c050f8ed65_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:745c62848b8ab43bbcddf75a79b53662e0ac0aff050281c879e01c4c213accc3_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:d7c013a4088c668aacbc00047f00cb1cc0041676f9f8d5a9971ab53fd15d5a69_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0fd2089ab716a8733ccdaa909eb7d8663c69de0c87cfc6551ca5a7b93c295a7b_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:815f222ec62bad59caede1682990af6367fcc4354013b5da96a7b67dd311a4b9_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a12c6e4a54dfe009700be799c8036a09a8845bc84dea533c024ffac0a65dc491_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:e2c38ca7fa1257940589d6eace9ad5d95c6dbaccf36ae04ce296d0350258e0a0_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:3345dc986a756c37e0636877a17dfa8483d12338e67d522419e85667f65cfa3e_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:5f227627f918d7a8b6328843da37547b54271ea93045b9a5d9ede82348b62d01_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:cb81f87ad3ed182494ec8f8f4d2a0229a28b716ae27f946d221077961534d9cc_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:f9a90f6a24678435a08a9783ac7612629b0702633b9405540b02eb5a6da4c6c9_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Out-of-bounds Read vulnerability"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…