RHSA-2026:19099
Vulnerability from csaf_redhat - Published: 2026-05-19 13:08 - Updated: 2026-05-24 21:42Summary
Red Hat Security Advisory: Assisted Installer RHEL 9 components for Multicluster Engine for Kubernetes 2.10.3
Severity
Important
Notes
Topic: Assisted installer RHEL 9 components for the multicluster engine for Kubernetes 2.10.3 General Availability release, with updates to container images.
Details: Assisted Installer RHEL 9 integrates components for the general multicluster engine
for Kubernetes 2.10.3 release that simplify the process of deploying OpenShift Container
Platform clusters.
The multicluster engine for Kubernetes provides the foundational components
that are necessary for the centralized management of multiple
Kubernetes-based clusters across data centers, public clouds, and private
clouds.
You can use the engine to create new Red Hat OpenShift Container Platform
clusters, or to import existing Kubernetes-based clusters for management.
After the clusters are managed, you can use the APIs that
are provided by the engine to distribute configuration based on placement
policy.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in github.com/buger/jsonparser. The Delete function, when processing malformed JSON input, fails to properly validate offsets. This vulnerability can lead to a negative slice index and a runtime panic, allowing a remote attacker to cause a denial of service (DoS) by providing specially crafted JSON data.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:10fa93f21c1452b729b6496984d3a40d104eb4b0d97aa18ac1b7def1260da1b1_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:2e9a932c8fa8300300b855cf9cae629cdafe46de59aae0b1c8592a4b38f3ad27_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:bc322f9d13d2d933d790f1e10cc5999369987f716f270be26ade5dc0cd1caa65_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:eef0df18ed2293d18c2b686e977b7aaedcaeeb25ab28e9689ddded9cffd4dbaf_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:5d24f1068bac5555543881c41e5231d350ddcc9969b46dee50534727230679a8_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:975b240b2e2f7eb955bd06acf36a9e3a4da8dbeb579ec23fb855da954c4ed46d_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:a6fbb0152c42ec1ebaf91366028901d68d3eb20ab0a117d8558ebecf0bf8b1c9_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:fba8bf16dc461879e3669e81252229c0beb278efbea3193245fe3320eb0ad56d_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:01eb4feec1f88060499ba1d6dfcae4932542ff7ed45fa527522906b24f49798d_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:1ec213a62c21a2b8da457e35499b0c1330b58638a2adfd8c44d647c73fbf7e1c_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:33427bfd363db78d04996f37352b5dd77eb5ccde30055fd1bc49bd11a80af57c_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7cab87bbc7c0de99680e959fc78ab84b9cd63f5929a11200a00180cc4aa8e86e_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:055922c629f46db60d21bc850a65eff3e1dd8cb2428591d464c6a9f5cfb97951_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:0d5e3dca2317ddf5a25054606e06daf60592b6701e7451c2b2f65801f949aaf0_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:dbc2a04e7b9305d604e470225546610b2820349c276886ca0a57c6740b3b9080_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:f2dbe411f3af386282fa458544ce9c4f36d3a0f64e4a6d6efebd3c7087368779_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0befdb95081a251d79e7e629ffd31f367e8c61377fa9cc1786b11b9b9728791f_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:52ab915f5a790a05f756efb0c5f5ef45f3f9580029dceb4054f522a636e811bf_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:9bce8a272554dad1cb79e08629bbacba5fdcd022083f9e6c95cdd2a5b98b0e62_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:cf8f9082509467538880188013567d671c666b50fcc8d9554cfd9630d43dc056_arm64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
9.1 (Critical)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:055922c629f46db60d21bc850a65eff3e1dd8cb2428591d464c6a9f5cfb97951_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:0d5e3dca2317ddf5a25054606e06daf60592b6701e7451c2b2f65801f949aaf0_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:dbc2a04e7b9305d604e470225546610b2820349c276886ca0a57c6740b3b9080_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:f2dbe411f3af386282fa458544ce9c4f36d3a0f64e4a6d6efebd3c7087368779_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0befdb95081a251d79e7e629ffd31f367e8c61377fa9cc1786b11b9b9728791f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:52ab915f5a790a05f756efb0c5f5ef45f3f9580029dceb4054f522a636e811bf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:9bce8a272554dad1cb79e08629bbacba5fdcd022083f9e6c95cdd2a5b98b0e62_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:cf8f9082509467538880188013567d671c666b50fcc8d9554cfd9630d43dc056_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:5d24f1068bac5555543881c41e5231d350ddcc9969b46dee50534727230679a8_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:975b240b2e2f7eb955bd06acf36a9e3a4da8dbeb579ec23fb855da954c4ed46d_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:a6fbb0152c42ec1ebaf91366028901d68d3eb20ab0a117d8558ebecf0bf8b1c9_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:fba8bf16dc461879e3669e81252229c0beb278efbea3193245fe3320eb0ad56d_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:01eb4feec1f88060499ba1d6dfcae4932542ff7ed45fa527522906b24f49798d_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:1ec213a62c21a2b8da457e35499b0c1330b58638a2adfd8c44d647c73fbf7e1c_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:33427bfd363db78d04996f37352b5dd77eb5ccde30055fd1bc49bd11a80af57c_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7cab87bbc7c0de99680e959fc78ab84b9cd63f5929a11200a00180cc4aa8e86e_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:10fa93f21c1452b729b6496984d3a40d104eb4b0d97aa18ac1b7def1260da1b1_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:2e9a932c8fa8300300b855cf9cae629cdafe46de59aae0b1c8592a4b38f3ad27_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:bc322f9d13d2d933d790f1e10cc5999369987f716f270be26ade5dc0cd1caa65_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:eef0df18ed2293d18c2b686e977b7aaedcaeeb25ab28e9689ddded9cffd4dbaf_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:10fa93f21c1452b729b6496984d3a40d104eb4b0d97aa18ac1b7def1260da1b1_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:2e9a932c8fa8300300b855cf9cae629cdafe46de59aae0b1c8592a4b38f3ad27_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:bc322f9d13d2d933d790f1e10cc5999369987f716f270be26ade5dc0cd1caa65_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:eef0df18ed2293d18c2b686e977b7aaedcaeeb25ab28e9689ddded9cffd4dbaf_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:5d24f1068bac5555543881c41e5231d350ddcc9969b46dee50534727230679a8_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:975b240b2e2f7eb955bd06acf36a9e3a4da8dbeb579ec23fb855da954c4ed46d_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:a6fbb0152c42ec1ebaf91366028901d68d3eb20ab0a117d8558ebecf0bf8b1c9_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:fba8bf16dc461879e3669e81252229c0beb278efbea3193245fe3320eb0ad56d_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:01eb4feec1f88060499ba1d6dfcae4932542ff7ed45fa527522906b24f49798d_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:1ec213a62c21a2b8da457e35499b0c1330b58638a2adfd8c44d647c73fbf7e1c_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:33427bfd363db78d04996f37352b5dd77eb5ccde30055fd1bc49bd11a80af57c_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7cab87bbc7c0de99680e959fc78ab84b9cd63f5929a11200a00180cc4aa8e86e_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:055922c629f46db60d21bc850a65eff3e1dd8cb2428591d464c6a9f5cfb97951_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:0d5e3dca2317ddf5a25054606e06daf60592b6701e7451c2b2f65801f949aaf0_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:dbc2a04e7b9305d604e470225546610b2820349c276886ca0a57c6740b3b9080_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:f2dbe411f3af386282fa458544ce9c4f36d3a0f64e4a6d6efebd3c7087368779_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0befdb95081a251d79e7e629ffd31f367e8c61377fa9cc1786b11b9b9728791f_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:52ab915f5a790a05f756efb0c5f5ef45f3f9580029dceb4054f522a636e811bf_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:9bce8a272554dad1cb79e08629bbacba5fdcd022083f9e6c95cdd2a5b98b0e62_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:cf8f9082509467538880188013567d671c666b50fcc8d9554cfd9630d43dc056_arm64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the SPDY streaming code used by Kubelet, CRI-O, and kube-apiserver. An attacker with specific cluster roles, such as those allowing access to pod port forwarding, execution, or attachment, or node proxying, could exploit this vulnerability. This could lead to a Denial of Service (DoS) by causing the affected components to become unresponsive.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:10fa93f21c1452b729b6496984d3a40d104eb4b0d97aa18ac1b7def1260da1b1_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:2e9a932c8fa8300300b855cf9cae629cdafe46de59aae0b1c8592a4b38f3ad27_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:bc322f9d13d2d933d790f1e10cc5999369987f716f270be26ade5dc0cd1caa65_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:eef0df18ed2293d18c2b686e977b7aaedcaeeb25ab28e9689ddded9cffd4dbaf_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:5d24f1068bac5555543881c41e5231d350ddcc9969b46dee50534727230679a8_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:975b240b2e2f7eb955bd06acf36a9e3a4da8dbeb579ec23fb855da954c4ed46d_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:a6fbb0152c42ec1ebaf91366028901d68d3eb20ab0a117d8558ebecf0bf8b1c9_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:fba8bf16dc461879e3669e81252229c0beb278efbea3193245fe3320eb0ad56d_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:01eb4feec1f88060499ba1d6dfcae4932542ff7ed45fa527522906b24f49798d_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:1ec213a62c21a2b8da457e35499b0c1330b58638a2adfd8c44d647c73fbf7e1c_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:33427bfd363db78d04996f37352b5dd77eb5ccde30055fd1bc49bd11a80af57c_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7cab87bbc7c0de99680e959fc78ab84b9cd63f5929a11200a00180cc4aa8e86e_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:055922c629f46db60d21bc850a65eff3e1dd8cb2428591d464c6a9f5cfb97951_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:0d5e3dca2317ddf5a25054606e06daf60592b6701e7451c2b2f65801f949aaf0_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:dbc2a04e7b9305d604e470225546610b2820349c276886ca0a57c6740b3b9080_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:f2dbe411f3af386282fa458544ce9c4f36d3a0f64e4a6d6efebd3c7087368779_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0befdb95081a251d79e7e629ffd31f367e8c61377fa9cc1786b11b9b9728791f_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:52ab915f5a790a05f756efb0c5f5ef45f3f9580029dceb4054f522a636e811bf_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:9bce8a272554dad1cb79e08629bbacba5fdcd022083f9e6c95cdd2a5b98b0e62_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:cf8f9082509467538880188013567d671c666b50fcc8d9554cfd9630d43dc056_arm64 | — |
Workaround
|
Threats
Impact
Important
References
29 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Assisted installer RHEL 9 components for the multicluster engine for Kubernetes 2.10.3 General Availability release, with updates to container images.",
"title": "Topic"
},
{
"category": "general",
"text": "Assisted Installer RHEL 9 integrates components for the general multicluster engine\nfor Kubernetes 2.10.3 release that simplify the process of deploying OpenShift Container\nPlatform clusters.\n\nThe multicluster engine for Kubernetes provides the foundational components\nthat are necessary for the centralized management of multiple\nKubernetes-based clusters across data centers, public clouds, and private\nclouds.\n\nYou can use the engine to create new Red Hat OpenShift Container Platform\nclusters, or to import existing Kubernetes-based clusters for management.\n\nAfter the clusters are managed, you can use the APIs that\nare provided by the engine to distribute configuration based on placement\npolicy.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:19099",
"url": "https://access.redhat.com/errata/RHSA-2026:19099"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32285",
"url": "https://access.redhat.com/security/cve/CVE-2026-32285"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34986",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-35469",
"url": "https://access.redhat.com/security/cve/CVE-2026-35469"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_19099.json"
}
],
"title": "Red Hat Security Advisory: Assisted Installer RHEL 9 components for Multicluster Engine for Kubernetes 2.10.3",
"tracking": {
"current_release_date": "2026-05-24T21:42:34+00:00",
"generator": {
"date": "2026-05-24T21:42:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:19099",
"initial_release_date": "2026-05-19T13:08:36+00:00",
"revision_history": [
{
"date": "2026-05-19T13:08:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-19T13:08:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-24T21:42:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "multicluster engine for Kubernetes 2.1",
"product": {
"name": "multicluster engine for Kubernetes 2.1",
"product_id": "multicluster engine for Kubernetes 2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:multicluster_engine:2.10::el9"
}
}
}
],
"category": "product_family",
"name": "multicluster engine for Kubernetes"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:975b240b2e2f7eb955bd06acf36a9e3a4da8dbeb579ec23fb855da954c4ed46d_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:975b240b2e2f7eb955bd06acf36a9e3a4da8dbeb579ec23fb855da954c4ed46d_amd64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:975b240b2e2f7eb955bd06acf36a9e3a4da8dbeb579ec23fb855da954c4ed46d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-image-service-rhel9@sha256%3A975b240b2e2f7eb955bd06acf36a9e3a4da8dbeb579ec23fb855da954c4ed46d?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1779182390"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:52ab915f5a790a05f756efb0c5f5ef45f3f9580029dceb4054f522a636e811bf_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:52ab915f5a790a05f756efb0c5f5ef45f3f9580029dceb4054f522a636e811bf_amd64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:52ab915f5a790a05f756efb0c5f5ef45f3f9580029dceb4054f522a636e811bf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-rhel9@sha256%3A52ab915f5a790a05f756efb0c5f5ef45f3f9580029dceb4054f522a636e811bf?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1779182435"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:01eb4feec1f88060499ba1d6dfcae4932542ff7ed45fa527522906b24f49798d_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:01eb4feec1f88060499ba1d6dfcae4932542ff7ed45fa527522906b24f49798d_amd64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:01eb4feec1f88060499ba1d6dfcae4932542ff7ed45fa527522906b24f49798d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-agent-rhel9@sha256%3A01eb4feec1f88060499ba1d6dfcae4932542ff7ed45fa527522906b24f49798d?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1779182477"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:055922c629f46db60d21bc850a65eff3e1dd8cb2428591d464c6a9f5cfb97951_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:055922c629f46db60d21bc850a65eff3e1dd8cb2428591d464c6a9f5cfb97951_amd64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:055922c629f46db60d21bc850a65eff3e1dd8cb2428591d464c6a9f5cfb97951_amd64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-controller-rhel9@sha256%3A055922c629f46db60d21bc850a65eff3e1dd8cb2428591d464c6a9f5cfb97951?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1779182459"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:eef0df18ed2293d18c2b686e977b7aaedcaeeb25ab28e9689ddded9cffd4dbaf_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:eef0df18ed2293d18c2b686e977b7aaedcaeeb25ab28e9689ddded9cffd4dbaf_amd64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:eef0df18ed2293d18c2b686e977b7aaedcaeeb25ab28e9689ddded9cffd4dbaf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-service-9-rhel9@sha256%3Aeef0df18ed2293d18c2b686e977b7aaedcaeeb25ab28e9689ddded9cffd4dbaf?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1779135478"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:5d24f1068bac5555543881c41e5231d350ddcc9969b46dee50534727230679a8_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:5d24f1068bac5555543881c41e5231d350ddcc9969b46dee50534727230679a8_arm64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:5d24f1068bac5555543881c41e5231d350ddcc9969b46dee50534727230679a8_arm64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-image-service-rhel9@sha256%3A5d24f1068bac5555543881c41e5231d350ddcc9969b46dee50534727230679a8?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1779182390"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:cf8f9082509467538880188013567d671c666b50fcc8d9554cfd9630d43dc056_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:cf8f9082509467538880188013567d671c666b50fcc8d9554cfd9630d43dc056_arm64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:cf8f9082509467538880188013567d671c666b50fcc8d9554cfd9630d43dc056_arm64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-rhel9@sha256%3Acf8f9082509467538880188013567d671c666b50fcc8d9554cfd9630d43dc056?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1779182435"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:1ec213a62c21a2b8da457e35499b0c1330b58638a2adfd8c44d647c73fbf7e1c_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:1ec213a62c21a2b8da457e35499b0c1330b58638a2adfd8c44d647c73fbf7e1c_arm64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:1ec213a62c21a2b8da457e35499b0c1330b58638a2adfd8c44d647c73fbf7e1c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-agent-rhel9@sha256%3A1ec213a62c21a2b8da457e35499b0c1330b58638a2adfd8c44d647c73fbf7e1c?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1779182477"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:f2dbe411f3af386282fa458544ce9c4f36d3a0f64e4a6d6efebd3c7087368779_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:f2dbe411f3af386282fa458544ce9c4f36d3a0f64e4a6d6efebd3c7087368779_arm64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:f2dbe411f3af386282fa458544ce9c4f36d3a0f64e4a6d6efebd3c7087368779_arm64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-controller-rhel9@sha256%3Af2dbe411f3af386282fa458544ce9c4f36d3a0f64e4a6d6efebd3c7087368779?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1779182459"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:bc322f9d13d2d933d790f1e10cc5999369987f716f270be26ade5dc0cd1caa65_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:bc322f9d13d2d933d790f1e10cc5999369987f716f270be26ade5dc0cd1caa65_arm64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:bc322f9d13d2d933d790f1e10cc5999369987f716f270be26ade5dc0cd1caa65_arm64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-service-9-rhel9@sha256%3Abc322f9d13d2d933d790f1e10cc5999369987f716f270be26ade5dc0cd1caa65?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1779135478"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:fba8bf16dc461879e3669e81252229c0beb278efbea3193245fe3320eb0ad56d_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:fba8bf16dc461879e3669e81252229c0beb278efbea3193245fe3320eb0ad56d_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:fba8bf16dc461879e3669e81252229c0beb278efbea3193245fe3320eb0ad56d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/assisted-image-service-rhel9@sha256%3Afba8bf16dc461879e3669e81252229c0beb278efbea3193245fe3320eb0ad56d?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1779182390"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0befdb95081a251d79e7e629ffd31f367e8c61377fa9cc1786b11b9b9728791f_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0befdb95081a251d79e7e629ffd31f367e8c61377fa9cc1786b11b9b9728791f_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0befdb95081a251d79e7e629ffd31f367e8c61377fa9cc1786b11b9b9728791f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-rhel9@sha256%3A0befdb95081a251d79e7e629ffd31f367e8c61377fa9cc1786b11b9b9728791f?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1779182435"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:33427bfd363db78d04996f37352b5dd77eb5ccde30055fd1bc49bd11a80af57c_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:33427bfd363db78d04996f37352b5dd77eb5ccde30055fd1bc49bd11a80af57c_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:33427bfd363db78d04996f37352b5dd77eb5ccde30055fd1bc49bd11a80af57c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-agent-rhel9@sha256%3A33427bfd363db78d04996f37352b5dd77eb5ccde30055fd1bc49bd11a80af57c?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1779182477"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:dbc2a04e7b9305d604e470225546610b2820349c276886ca0a57c6740b3b9080_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:dbc2a04e7b9305d604e470225546610b2820349c276886ca0a57c6740b3b9080_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:dbc2a04e7b9305d604e470225546610b2820349c276886ca0a57c6740b3b9080_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-controller-rhel9@sha256%3Adbc2a04e7b9305d604e470225546610b2820349c276886ca0a57c6740b3b9080?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1779182459"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:2e9a932c8fa8300300b855cf9cae629cdafe46de59aae0b1c8592a4b38f3ad27_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:2e9a932c8fa8300300b855cf9cae629cdafe46de59aae0b1c8592a4b38f3ad27_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:2e9a932c8fa8300300b855cf9cae629cdafe46de59aae0b1c8592a4b38f3ad27_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/assisted-service-9-rhel9@sha256%3A2e9a932c8fa8300300b855cf9cae629cdafe46de59aae0b1c8592a4b38f3ad27?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1779135478"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:a6fbb0152c42ec1ebaf91366028901d68d3eb20ab0a117d8558ebecf0bf8b1c9_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:a6fbb0152c42ec1ebaf91366028901d68d3eb20ab0a117d8558ebecf0bf8b1c9_s390x",
"product_id": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:a6fbb0152c42ec1ebaf91366028901d68d3eb20ab0a117d8558ebecf0bf8b1c9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/assisted-image-service-rhel9@sha256%3Aa6fbb0152c42ec1ebaf91366028901d68d3eb20ab0a117d8558ebecf0bf8b1c9?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1779182390"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:9bce8a272554dad1cb79e08629bbacba5fdcd022083f9e6c95cdd2a5b98b0e62_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:9bce8a272554dad1cb79e08629bbacba5fdcd022083f9e6c95cdd2a5b98b0e62_s390x",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:9bce8a272554dad1cb79e08629bbacba5fdcd022083f9e6c95cdd2a5b98b0e62_s390x",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-rhel9@sha256%3A9bce8a272554dad1cb79e08629bbacba5fdcd022083f9e6c95cdd2a5b98b0e62?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1779182435"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7cab87bbc7c0de99680e959fc78ab84b9cd63f5929a11200a00180cc4aa8e86e_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7cab87bbc7c0de99680e959fc78ab84b9cd63f5929a11200a00180cc4aa8e86e_s390x",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7cab87bbc7c0de99680e959fc78ab84b9cd63f5929a11200a00180cc4aa8e86e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-agent-rhel9@sha256%3A7cab87bbc7c0de99680e959fc78ab84b9cd63f5929a11200a00180cc4aa8e86e?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1779182477"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:0d5e3dca2317ddf5a25054606e06daf60592b6701e7451c2b2f65801f949aaf0_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:0d5e3dca2317ddf5a25054606e06daf60592b6701e7451c2b2f65801f949aaf0_s390x",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:0d5e3dca2317ddf5a25054606e06daf60592b6701e7451c2b2f65801f949aaf0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-controller-rhel9@sha256%3A0d5e3dca2317ddf5a25054606e06daf60592b6701e7451c2b2f65801f949aaf0?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1779182459"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:10fa93f21c1452b729b6496984d3a40d104eb4b0d97aa18ac1b7def1260da1b1_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:10fa93f21c1452b729b6496984d3a40d104eb4b0d97aa18ac1b7def1260da1b1_s390x",
"product_id": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:10fa93f21c1452b729b6496984d3a40d104eb4b0d97aa18ac1b7def1260da1b1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/assisted-service-9-rhel9@sha256%3A10fa93f21c1452b729b6496984d3a40d104eb4b0d97aa18ac1b7def1260da1b1?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1779135478"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:5d24f1068bac5555543881c41e5231d350ddcc9969b46dee50534727230679a8_arm64 as a component of multicluster engine for Kubernetes 2.1",
"product_id": "multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:5d24f1068bac5555543881c41e5231d350ddcc9969b46dee50534727230679a8_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:5d24f1068bac5555543881c41e5231d350ddcc9969b46dee50534727230679a8_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:975b240b2e2f7eb955bd06acf36a9e3a4da8dbeb579ec23fb855da954c4ed46d_amd64 as a component of multicluster engine for Kubernetes 2.1",
"product_id": "multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:975b240b2e2f7eb955bd06acf36a9e3a4da8dbeb579ec23fb855da954c4ed46d_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:975b240b2e2f7eb955bd06acf36a9e3a4da8dbeb579ec23fb855da954c4ed46d_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:a6fbb0152c42ec1ebaf91366028901d68d3eb20ab0a117d8558ebecf0bf8b1c9_s390x as a component of multicluster engine for Kubernetes 2.1",
"product_id": "multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:a6fbb0152c42ec1ebaf91366028901d68d3eb20ab0a117d8558ebecf0bf8b1c9_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:a6fbb0152c42ec1ebaf91366028901d68d3eb20ab0a117d8558ebecf0bf8b1c9_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:fba8bf16dc461879e3669e81252229c0beb278efbea3193245fe3320eb0ad56d_ppc64le as a component of multicluster engine for Kubernetes 2.1",
"product_id": "multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:fba8bf16dc461879e3669e81252229c0beb278efbea3193245fe3320eb0ad56d_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:fba8bf16dc461879e3669e81252229c0beb278efbea3193245fe3320eb0ad56d_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:01eb4feec1f88060499ba1d6dfcae4932542ff7ed45fa527522906b24f49798d_amd64 as a component of multicluster engine for Kubernetes 2.1",
"product_id": "multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:01eb4feec1f88060499ba1d6dfcae4932542ff7ed45fa527522906b24f49798d_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:01eb4feec1f88060499ba1d6dfcae4932542ff7ed45fa527522906b24f49798d_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:1ec213a62c21a2b8da457e35499b0c1330b58638a2adfd8c44d647c73fbf7e1c_arm64 as a component of multicluster engine for Kubernetes 2.1",
"product_id": "multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:1ec213a62c21a2b8da457e35499b0c1330b58638a2adfd8c44d647c73fbf7e1c_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:1ec213a62c21a2b8da457e35499b0c1330b58638a2adfd8c44d647c73fbf7e1c_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:33427bfd363db78d04996f37352b5dd77eb5ccde30055fd1bc49bd11a80af57c_ppc64le as a component of multicluster engine for Kubernetes 2.1",
"product_id": "multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:33427bfd363db78d04996f37352b5dd77eb5ccde30055fd1bc49bd11a80af57c_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:33427bfd363db78d04996f37352b5dd77eb5ccde30055fd1bc49bd11a80af57c_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7cab87bbc7c0de99680e959fc78ab84b9cd63f5929a11200a00180cc4aa8e86e_s390x as a component of multicluster engine for Kubernetes 2.1",
"product_id": "multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7cab87bbc7c0de99680e959fc78ab84b9cd63f5929a11200a00180cc4aa8e86e_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7cab87bbc7c0de99680e959fc78ab84b9cd63f5929a11200a00180cc4aa8e86e_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:055922c629f46db60d21bc850a65eff3e1dd8cb2428591d464c6a9f5cfb97951_amd64 as a component of multicluster engine for Kubernetes 2.1",
"product_id": "multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:055922c629f46db60d21bc850a65eff3e1dd8cb2428591d464c6a9f5cfb97951_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:055922c629f46db60d21bc850a65eff3e1dd8cb2428591d464c6a9f5cfb97951_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:0d5e3dca2317ddf5a25054606e06daf60592b6701e7451c2b2f65801f949aaf0_s390x as a component of multicluster engine for Kubernetes 2.1",
"product_id": "multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:0d5e3dca2317ddf5a25054606e06daf60592b6701e7451c2b2f65801f949aaf0_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:0d5e3dca2317ddf5a25054606e06daf60592b6701e7451c2b2f65801f949aaf0_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:dbc2a04e7b9305d604e470225546610b2820349c276886ca0a57c6740b3b9080_ppc64le as a component of multicluster engine for Kubernetes 2.1",
"product_id": "multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:dbc2a04e7b9305d604e470225546610b2820349c276886ca0a57c6740b3b9080_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:dbc2a04e7b9305d604e470225546610b2820349c276886ca0a57c6740b3b9080_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:f2dbe411f3af386282fa458544ce9c4f36d3a0f64e4a6d6efebd3c7087368779_arm64 as a component of multicluster engine for Kubernetes 2.1",
"product_id": "multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:f2dbe411f3af386282fa458544ce9c4f36d3a0f64e4a6d6efebd3c7087368779_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:f2dbe411f3af386282fa458544ce9c4f36d3a0f64e4a6d6efebd3c7087368779_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0befdb95081a251d79e7e629ffd31f367e8c61377fa9cc1786b11b9b9728791f_ppc64le as a component of multicluster engine for Kubernetes 2.1",
"product_id": "multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0befdb95081a251d79e7e629ffd31f367e8c61377fa9cc1786b11b9b9728791f_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0befdb95081a251d79e7e629ffd31f367e8c61377fa9cc1786b11b9b9728791f_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:52ab915f5a790a05f756efb0c5f5ef45f3f9580029dceb4054f522a636e811bf_amd64 as a component of multicluster engine for Kubernetes 2.1",
"product_id": "multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:52ab915f5a790a05f756efb0c5f5ef45f3f9580029dceb4054f522a636e811bf_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:52ab915f5a790a05f756efb0c5f5ef45f3f9580029dceb4054f522a636e811bf_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:9bce8a272554dad1cb79e08629bbacba5fdcd022083f9e6c95cdd2a5b98b0e62_s390x as a component of multicluster engine for Kubernetes 2.1",
"product_id": "multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:9bce8a272554dad1cb79e08629bbacba5fdcd022083f9e6c95cdd2a5b98b0e62_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:9bce8a272554dad1cb79e08629bbacba5fdcd022083f9e6c95cdd2a5b98b0e62_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:cf8f9082509467538880188013567d671c666b50fcc8d9554cfd9630d43dc056_arm64 as a component of multicluster engine for Kubernetes 2.1",
"product_id": "multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:cf8f9082509467538880188013567d671c666b50fcc8d9554cfd9630d43dc056_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:cf8f9082509467538880188013567d671c666b50fcc8d9554cfd9630d43dc056_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:10fa93f21c1452b729b6496984d3a40d104eb4b0d97aa18ac1b7def1260da1b1_s390x as a component of multicluster engine for Kubernetes 2.1",
"product_id": "multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:10fa93f21c1452b729b6496984d3a40d104eb4b0d97aa18ac1b7def1260da1b1_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:10fa93f21c1452b729b6496984d3a40d104eb4b0d97aa18ac1b7def1260da1b1_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:2e9a932c8fa8300300b855cf9cae629cdafe46de59aae0b1c8592a4b38f3ad27_ppc64le as a component of multicluster engine for Kubernetes 2.1",
"product_id": "multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:2e9a932c8fa8300300b855cf9cae629cdafe46de59aae0b1c8592a4b38f3ad27_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:2e9a932c8fa8300300b855cf9cae629cdafe46de59aae0b1c8592a4b38f3ad27_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:bc322f9d13d2d933d790f1e10cc5999369987f716f270be26ade5dc0cd1caa65_arm64 as a component of multicluster engine for Kubernetes 2.1",
"product_id": "multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:bc322f9d13d2d933d790f1e10cc5999369987f716f270be26ade5dc0cd1caa65_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:bc322f9d13d2d933d790f1e10cc5999369987f716f270be26ade5dc0cd1caa65_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:eef0df18ed2293d18c2b686e977b7aaedcaeeb25ab28e9689ddded9cffd4dbaf_amd64 as a component of multicluster engine for Kubernetes 2.1",
"product_id": "multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:eef0df18ed2293d18c2b686e977b7aaedcaeeb25ab28e9689ddded9cffd4dbaf_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:eef0df18ed2293d18c2b686e977b7aaedcaeeb25ab28e9689ddded9cffd4dbaf_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-32285",
"cwe": {
"id": "CWE-1285",
"name": "Improper Validation of Specified Index, Position, or Offset in Input"
},
"discovery_date": "2026-03-26T20:01:54.925687+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:5d24f1068bac5555543881c41e5231d350ddcc9969b46dee50534727230679a8_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:975b240b2e2f7eb955bd06acf36a9e3a4da8dbeb579ec23fb855da954c4ed46d_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:a6fbb0152c42ec1ebaf91366028901d68d3eb20ab0a117d8558ebecf0bf8b1c9_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:fba8bf16dc461879e3669e81252229c0beb278efbea3193245fe3320eb0ad56d_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:01eb4feec1f88060499ba1d6dfcae4932542ff7ed45fa527522906b24f49798d_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:1ec213a62c21a2b8da457e35499b0c1330b58638a2adfd8c44d647c73fbf7e1c_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:33427bfd363db78d04996f37352b5dd77eb5ccde30055fd1bc49bd11a80af57c_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7cab87bbc7c0de99680e959fc78ab84b9cd63f5929a11200a00180cc4aa8e86e_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:055922c629f46db60d21bc850a65eff3e1dd8cb2428591d464c6a9f5cfb97951_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:0d5e3dca2317ddf5a25054606e06daf60592b6701e7451c2b2f65801f949aaf0_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:dbc2a04e7b9305d604e470225546610b2820349c276886ca0a57c6740b3b9080_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:f2dbe411f3af386282fa458544ce9c4f36d3a0f64e4a6d6efebd3c7087368779_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0befdb95081a251d79e7e629ffd31f367e8c61377fa9cc1786b11b9b9728791f_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:52ab915f5a790a05f756efb0c5f5ef45f3f9580029dceb4054f522a636e811bf_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:9bce8a272554dad1cb79e08629bbacba5fdcd022083f9e6c95cdd2a5b98b0e62_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:cf8f9082509467538880188013567d671c666b50fcc8d9554cfd9630d43dc056_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451846"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in github.com/buger/jsonparser. The Delete function, when processing malformed JSON input, fails to properly validate offsets. This vulnerability can lead to a negative slice index and a runtime panic, allowing a remote attacker to cause a denial of service (DoS) by providing specially crafted JSON data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/buger/jsonparser: github.com/buger/jsonparser: Denial of Service via malformed JSON input",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:10fa93f21c1452b729b6496984d3a40d104eb4b0d97aa18ac1b7def1260da1b1_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:2e9a932c8fa8300300b855cf9cae629cdafe46de59aae0b1c8592a4b38f3ad27_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:bc322f9d13d2d933d790f1e10cc5999369987f716f270be26ade5dc0cd1caa65_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:eef0df18ed2293d18c2b686e977b7aaedcaeeb25ab28e9689ddded9cffd4dbaf_amd64"
],
"known_not_affected": [
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:5d24f1068bac5555543881c41e5231d350ddcc9969b46dee50534727230679a8_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:975b240b2e2f7eb955bd06acf36a9e3a4da8dbeb579ec23fb855da954c4ed46d_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:a6fbb0152c42ec1ebaf91366028901d68d3eb20ab0a117d8558ebecf0bf8b1c9_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:fba8bf16dc461879e3669e81252229c0beb278efbea3193245fe3320eb0ad56d_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:01eb4feec1f88060499ba1d6dfcae4932542ff7ed45fa527522906b24f49798d_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:1ec213a62c21a2b8da457e35499b0c1330b58638a2adfd8c44d647c73fbf7e1c_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:33427bfd363db78d04996f37352b5dd77eb5ccde30055fd1bc49bd11a80af57c_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7cab87bbc7c0de99680e959fc78ab84b9cd63f5929a11200a00180cc4aa8e86e_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:055922c629f46db60d21bc850a65eff3e1dd8cb2428591d464c6a9f5cfb97951_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:0d5e3dca2317ddf5a25054606e06daf60592b6701e7451c2b2f65801f949aaf0_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:dbc2a04e7b9305d604e470225546610b2820349c276886ca0a57c6740b3b9080_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:f2dbe411f3af386282fa458544ce9c4f36d3a0f64e4a6d6efebd3c7087368779_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0befdb95081a251d79e7e629ffd31f367e8c61377fa9cc1786b11b9b9728791f_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:52ab915f5a790a05f756efb0c5f5ef45f3f9580029dceb4054f522a636e811bf_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:9bce8a272554dad1cb79e08629bbacba5fdcd022083f9e6c95cdd2a5b98b0e62_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:cf8f9082509467538880188013567d671c666b50fcc8d9554cfd9630d43dc056_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32285"
},
{
"category": "external",
"summary": "RHBZ#2451846",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451846"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32285",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32285"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32285",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32285"
},
{
"category": "external",
"summary": "https://github.com/buger/jsonparser/issues/275",
"url": "https://github.com/buger/jsonparser/issues/275"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4514",
"url": "https://github.com/golang/vulndb/issues/4514"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4514",
"url": "https://pkg.go.dev/vuln/GO-2026-4514"
}
],
"release_date": "2026-03-26T19:40:51.837000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T13:08:36+00:00",
"details": "For more information about Assisted Installer, see the following documentation:\n\nhttps://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/clusters/cluster_mce_overview#cim-intro\n\nFor multicluster engine for Kubernetes, see the following documentation for\ndetails on how to install the images:\n\nhttps://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/clusters/cluster_mce_overview#mce-install-intro\n\nThis documentation will be available after the general availability release of Red Hat Advanced Cluster Management 2.15.",
"product_ids": [
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:10fa93f21c1452b729b6496984d3a40d104eb4b0d97aa18ac1b7def1260da1b1_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:2e9a932c8fa8300300b855cf9cae629cdafe46de59aae0b1c8592a4b38f3ad27_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:bc322f9d13d2d933d790f1e10cc5999369987f716f270be26ade5dc0cd1caa65_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:eef0df18ed2293d18c2b686e977b7aaedcaeeb25ab28e9689ddded9cffd4dbaf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19099"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:5d24f1068bac5555543881c41e5231d350ddcc9969b46dee50534727230679a8_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:975b240b2e2f7eb955bd06acf36a9e3a4da8dbeb579ec23fb855da954c4ed46d_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:a6fbb0152c42ec1ebaf91366028901d68d3eb20ab0a117d8558ebecf0bf8b1c9_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:fba8bf16dc461879e3669e81252229c0beb278efbea3193245fe3320eb0ad56d_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:01eb4feec1f88060499ba1d6dfcae4932542ff7ed45fa527522906b24f49798d_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:1ec213a62c21a2b8da457e35499b0c1330b58638a2adfd8c44d647c73fbf7e1c_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:33427bfd363db78d04996f37352b5dd77eb5ccde30055fd1bc49bd11a80af57c_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7cab87bbc7c0de99680e959fc78ab84b9cd63f5929a11200a00180cc4aa8e86e_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:055922c629f46db60d21bc850a65eff3e1dd8cb2428591d464c6a9f5cfb97951_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:0d5e3dca2317ddf5a25054606e06daf60592b6701e7451c2b2f65801f949aaf0_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:dbc2a04e7b9305d604e470225546610b2820349c276886ca0a57c6740b3b9080_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:f2dbe411f3af386282fa458544ce9c4f36d3a0f64e4a6d6efebd3c7087368779_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0befdb95081a251d79e7e629ffd31f367e8c61377fa9cc1786b11b9b9728791f_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:52ab915f5a790a05f756efb0c5f5ef45f3f9580029dceb4054f522a636e811bf_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:9bce8a272554dad1cb79e08629bbacba5fdcd022083f9e6c95cdd2a5b98b0e62_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:cf8f9082509467538880188013567d671c666b50fcc8d9554cfd9630d43dc056_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:10fa93f21c1452b729b6496984d3a40d104eb4b0d97aa18ac1b7def1260da1b1_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:2e9a932c8fa8300300b855cf9cae629cdafe46de59aae0b1c8592a4b38f3ad27_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:bc322f9d13d2d933d790f1e10cc5999369987f716f270be26ade5dc0cd1caa65_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:eef0df18ed2293d18c2b686e977b7aaedcaeeb25ab28e9689ddded9cffd4dbaf_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:5d24f1068bac5555543881c41e5231d350ddcc9969b46dee50534727230679a8_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:975b240b2e2f7eb955bd06acf36a9e3a4da8dbeb579ec23fb855da954c4ed46d_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:a6fbb0152c42ec1ebaf91366028901d68d3eb20ab0a117d8558ebecf0bf8b1c9_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:fba8bf16dc461879e3669e81252229c0beb278efbea3193245fe3320eb0ad56d_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:01eb4feec1f88060499ba1d6dfcae4932542ff7ed45fa527522906b24f49798d_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:1ec213a62c21a2b8da457e35499b0c1330b58638a2adfd8c44d647c73fbf7e1c_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:33427bfd363db78d04996f37352b5dd77eb5ccde30055fd1bc49bd11a80af57c_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7cab87bbc7c0de99680e959fc78ab84b9cd63f5929a11200a00180cc4aa8e86e_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:055922c629f46db60d21bc850a65eff3e1dd8cb2428591d464c6a9f5cfb97951_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:0d5e3dca2317ddf5a25054606e06daf60592b6701e7451c2b2f65801f949aaf0_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:dbc2a04e7b9305d604e470225546610b2820349c276886ca0a57c6740b3b9080_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:f2dbe411f3af386282fa458544ce9c4f36d3a0f64e4a6d6efebd3c7087368779_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0befdb95081a251d79e7e629ffd31f367e8c61377fa9cc1786b11b9b9728791f_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:52ab915f5a790a05f756efb0c5f5ef45f3f9580029dceb4054f522a636e811bf_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:9bce8a272554dad1cb79e08629bbacba5fdcd022083f9e6c95cdd2a5b98b0e62_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:cf8f9082509467538880188013567d671c666b50fcc8d9554cfd9630d43dc056_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:10fa93f21c1452b729b6496984d3a40d104eb4b0d97aa18ac1b7def1260da1b1_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:2e9a932c8fa8300300b855cf9cae629cdafe46de59aae0b1c8592a4b38f3ad27_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:bc322f9d13d2d933d790f1e10cc5999369987f716f270be26ade5dc0cd1caa65_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:eef0df18ed2293d18c2b686e977b7aaedcaeeb25ab28e9689ddded9cffd4dbaf_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/buger/jsonparser: github.com/buger/jsonparser: Denial of Service via malformed JSON input"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:5d24f1068bac5555543881c41e5231d350ddcc9969b46dee50534727230679a8_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:975b240b2e2f7eb955bd06acf36a9e3a4da8dbeb579ec23fb855da954c4ed46d_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:a6fbb0152c42ec1ebaf91366028901d68d3eb20ab0a117d8558ebecf0bf8b1c9_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:fba8bf16dc461879e3669e81252229c0beb278efbea3193245fe3320eb0ad56d_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:01eb4feec1f88060499ba1d6dfcae4932542ff7ed45fa527522906b24f49798d_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:1ec213a62c21a2b8da457e35499b0c1330b58638a2adfd8c44d647c73fbf7e1c_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:33427bfd363db78d04996f37352b5dd77eb5ccde30055fd1bc49bd11a80af57c_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7cab87bbc7c0de99680e959fc78ab84b9cd63f5929a11200a00180cc4aa8e86e_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:10fa93f21c1452b729b6496984d3a40d104eb4b0d97aa18ac1b7def1260da1b1_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:2e9a932c8fa8300300b855cf9cae629cdafe46de59aae0b1c8592a4b38f3ad27_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:bc322f9d13d2d933d790f1e10cc5999369987f716f270be26ade5dc0cd1caa65_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:eef0df18ed2293d18c2b686e977b7aaedcaeeb25ab28e9689ddded9cffd4dbaf_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:055922c629f46db60d21bc850a65eff3e1dd8cb2428591d464c6a9f5cfb97951_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:0d5e3dca2317ddf5a25054606e06daf60592b6701e7451c2b2f65801f949aaf0_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:dbc2a04e7b9305d604e470225546610b2820349c276886ca0a57c6740b3b9080_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:f2dbe411f3af386282fa458544ce9c4f36d3a0f64e4a6d6efebd3c7087368779_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0befdb95081a251d79e7e629ffd31f367e8c61377fa9cc1786b11b9b9728791f_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:52ab915f5a790a05f756efb0c5f5ef45f3f9580029dceb4054f522a636e811bf_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:9bce8a272554dad1cb79e08629bbacba5fdcd022083f9e6c95cdd2a5b98b0e62_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:cf8f9082509467538880188013567d671c666b50fcc8d9554cfd9630d43dc056_arm64"
],
"known_not_affected": [
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:5d24f1068bac5555543881c41e5231d350ddcc9969b46dee50534727230679a8_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:975b240b2e2f7eb955bd06acf36a9e3a4da8dbeb579ec23fb855da954c4ed46d_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:a6fbb0152c42ec1ebaf91366028901d68d3eb20ab0a117d8558ebecf0bf8b1c9_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:fba8bf16dc461879e3669e81252229c0beb278efbea3193245fe3320eb0ad56d_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:01eb4feec1f88060499ba1d6dfcae4932542ff7ed45fa527522906b24f49798d_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:1ec213a62c21a2b8da457e35499b0c1330b58638a2adfd8c44d647c73fbf7e1c_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:33427bfd363db78d04996f37352b5dd77eb5ccde30055fd1bc49bd11a80af57c_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7cab87bbc7c0de99680e959fc78ab84b9cd63f5929a11200a00180cc4aa8e86e_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:10fa93f21c1452b729b6496984d3a40d104eb4b0d97aa18ac1b7def1260da1b1_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:2e9a932c8fa8300300b855cf9cae629cdafe46de59aae0b1c8592a4b38f3ad27_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:bc322f9d13d2d933d790f1e10cc5999369987f716f270be26ade5dc0cd1caa65_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:eef0df18ed2293d18c2b686e977b7aaedcaeeb25ab28e9689ddded9cffd4dbaf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T13:08:36+00:00",
"details": "For more information about Assisted Installer, see the following documentation:\n\nhttps://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/clusters/cluster_mce_overview#cim-intro\n\nFor multicluster engine for Kubernetes, see the following documentation for\ndetails on how to install the images:\n\nhttps://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/clusters/cluster_mce_overview#mce-install-intro\n\nThis documentation will be available after the general availability release of Red Hat Advanced Cluster Management 2.15.",
"product_ids": [
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:055922c629f46db60d21bc850a65eff3e1dd8cb2428591d464c6a9f5cfb97951_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:0d5e3dca2317ddf5a25054606e06daf60592b6701e7451c2b2f65801f949aaf0_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:dbc2a04e7b9305d604e470225546610b2820349c276886ca0a57c6740b3b9080_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:f2dbe411f3af386282fa458544ce9c4f36d3a0f64e4a6d6efebd3c7087368779_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0befdb95081a251d79e7e629ffd31f367e8c61377fa9cc1786b11b9b9728791f_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:52ab915f5a790a05f756efb0c5f5ef45f3f9580029dceb4054f522a636e811bf_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:9bce8a272554dad1cb79e08629bbacba5fdcd022083f9e6c95cdd2a5b98b0e62_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:cf8f9082509467538880188013567d671c666b50fcc8d9554cfd9630d43dc056_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19099"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:5d24f1068bac5555543881c41e5231d350ddcc9969b46dee50534727230679a8_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:975b240b2e2f7eb955bd06acf36a9e3a4da8dbeb579ec23fb855da954c4ed46d_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:a6fbb0152c42ec1ebaf91366028901d68d3eb20ab0a117d8558ebecf0bf8b1c9_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:fba8bf16dc461879e3669e81252229c0beb278efbea3193245fe3320eb0ad56d_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:01eb4feec1f88060499ba1d6dfcae4932542ff7ed45fa527522906b24f49798d_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:1ec213a62c21a2b8da457e35499b0c1330b58638a2adfd8c44d647c73fbf7e1c_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:33427bfd363db78d04996f37352b5dd77eb5ccde30055fd1bc49bd11a80af57c_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7cab87bbc7c0de99680e959fc78ab84b9cd63f5929a11200a00180cc4aa8e86e_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:055922c629f46db60d21bc850a65eff3e1dd8cb2428591d464c6a9f5cfb97951_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:0d5e3dca2317ddf5a25054606e06daf60592b6701e7451c2b2f65801f949aaf0_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:dbc2a04e7b9305d604e470225546610b2820349c276886ca0a57c6740b3b9080_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:f2dbe411f3af386282fa458544ce9c4f36d3a0f64e4a6d6efebd3c7087368779_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0befdb95081a251d79e7e629ffd31f367e8c61377fa9cc1786b11b9b9728791f_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:52ab915f5a790a05f756efb0c5f5ef45f3f9580029dceb4054f522a636e811bf_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:9bce8a272554dad1cb79e08629bbacba5fdcd022083f9e6c95cdd2a5b98b0e62_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:cf8f9082509467538880188013567d671c666b50fcc8d9554cfd9630d43dc056_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:10fa93f21c1452b729b6496984d3a40d104eb4b0d97aa18ac1b7def1260da1b1_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:2e9a932c8fa8300300b855cf9cae629cdafe46de59aae0b1c8592a4b38f3ad27_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:bc322f9d13d2d933d790f1e10cc5999369987f716f270be26ade5dc0cd1caa65_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:eef0df18ed2293d18c2b686e977b7aaedcaeeb25ab28e9689ddded9cffd4dbaf_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:5d24f1068bac5555543881c41e5231d350ddcc9969b46dee50534727230679a8_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:975b240b2e2f7eb955bd06acf36a9e3a4da8dbeb579ec23fb855da954c4ed46d_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:a6fbb0152c42ec1ebaf91366028901d68d3eb20ab0a117d8558ebecf0bf8b1c9_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:fba8bf16dc461879e3669e81252229c0beb278efbea3193245fe3320eb0ad56d_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:01eb4feec1f88060499ba1d6dfcae4932542ff7ed45fa527522906b24f49798d_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:1ec213a62c21a2b8da457e35499b0c1330b58638a2adfd8c44d647c73fbf7e1c_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:33427bfd363db78d04996f37352b5dd77eb5ccde30055fd1bc49bd11a80af57c_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7cab87bbc7c0de99680e959fc78ab84b9cd63f5929a11200a00180cc4aa8e86e_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:055922c629f46db60d21bc850a65eff3e1dd8cb2428591d464c6a9f5cfb97951_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:0d5e3dca2317ddf5a25054606e06daf60592b6701e7451c2b2f65801f949aaf0_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:dbc2a04e7b9305d604e470225546610b2820349c276886ca0a57c6740b3b9080_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:f2dbe411f3af386282fa458544ce9c4f36d3a0f64e4a6d6efebd3c7087368779_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0befdb95081a251d79e7e629ffd31f367e8c61377fa9cc1786b11b9b9728791f_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:52ab915f5a790a05f756efb0c5f5ef45f3f9580029dceb4054f522a636e811bf_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:9bce8a272554dad1cb79e08629bbacba5fdcd022083f9e6c95cdd2a5b98b0e62_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:cf8f9082509467538880188013567d671c666b50fcc8d9554cfd9630d43dc056_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:10fa93f21c1452b729b6496984d3a40d104eb4b0d97aa18ac1b7def1260da1b1_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:2e9a932c8fa8300300b855cf9cae629cdafe46de59aae0b1c8592a4b38f3ad27_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:bc322f9d13d2d933d790f1e10cc5999369987f716f270be26ade5dc0cd1caa65_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:eef0df18ed2293d18c2b686e977b7aaedcaeeb25ab28e9689ddded9cffd4dbaf_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
},
{
"cve": "CVE-2026-34986",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-06T17:01:34.639203+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:5d24f1068bac5555543881c41e5231d350ddcc9969b46dee50534727230679a8_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:975b240b2e2f7eb955bd06acf36a9e3a4da8dbeb579ec23fb855da954c4ed46d_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:a6fbb0152c42ec1ebaf91366028901d68d3eb20ab0a117d8558ebecf0bf8b1c9_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:fba8bf16dc461879e3669e81252229c0beb278efbea3193245fe3320eb0ad56d_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:01eb4feec1f88060499ba1d6dfcae4932542ff7ed45fa527522906b24f49798d_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:1ec213a62c21a2b8da457e35499b0c1330b58638a2adfd8c44d647c73fbf7e1c_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:33427bfd363db78d04996f37352b5dd77eb5ccde30055fd1bc49bd11a80af57c_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7cab87bbc7c0de99680e959fc78ab84b9cd63f5929a11200a00180cc4aa8e86e_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:055922c629f46db60d21bc850a65eff3e1dd8cb2428591d464c6a9f5cfb97951_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:0d5e3dca2317ddf5a25054606e06daf60592b6701e7451c2b2f65801f949aaf0_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:dbc2a04e7b9305d604e470225546610b2820349c276886ca0a57c6740b3b9080_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:f2dbe411f3af386282fa458544ce9c4f36d3a0f64e4a6d6efebd3c7087368779_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0befdb95081a251d79e7e629ffd31f367e8c61377fa9cc1786b11b9b9728791f_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:52ab915f5a790a05f756efb0c5f5ef45f3f9580029dceb4054f522a636e811bf_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:9bce8a272554dad1cb79e08629bbacba5fdcd022083f9e6c95cdd2a5b98b0e62_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:cf8f9082509467538880188013567d671c666b50fcc8d9554cfd9630d43dc056_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:10fa93f21c1452b729b6496984d3a40d104eb4b0d97aa18ac1b7def1260da1b1_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:2e9a932c8fa8300300b855cf9cae629cdafe46de59aae0b1c8592a4b38f3ad27_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:bc322f9d13d2d933d790f1e10cc5999369987f716f270be26ade5dc0cd1caa65_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:eef0df18ed2293d18c2b686e977b7aaedcaeeb25ab28e9689ddded9cffd4dbaf_amd64"
],
"known_not_affected": [
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:5d24f1068bac5555543881c41e5231d350ddcc9969b46dee50534727230679a8_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:975b240b2e2f7eb955bd06acf36a9e3a4da8dbeb579ec23fb855da954c4ed46d_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:a6fbb0152c42ec1ebaf91366028901d68d3eb20ab0a117d8558ebecf0bf8b1c9_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:fba8bf16dc461879e3669e81252229c0beb278efbea3193245fe3320eb0ad56d_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:01eb4feec1f88060499ba1d6dfcae4932542ff7ed45fa527522906b24f49798d_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:1ec213a62c21a2b8da457e35499b0c1330b58638a2adfd8c44d647c73fbf7e1c_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:33427bfd363db78d04996f37352b5dd77eb5ccde30055fd1bc49bd11a80af57c_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7cab87bbc7c0de99680e959fc78ab84b9cd63f5929a11200a00180cc4aa8e86e_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:055922c629f46db60d21bc850a65eff3e1dd8cb2428591d464c6a9f5cfb97951_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:0d5e3dca2317ddf5a25054606e06daf60592b6701e7451c2b2f65801f949aaf0_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:dbc2a04e7b9305d604e470225546610b2820349c276886ca0a57c6740b3b9080_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:f2dbe411f3af386282fa458544ce9c4f36d3a0f64e4a6d6efebd3c7087368779_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0befdb95081a251d79e7e629ffd31f367e8c61377fa9cc1786b11b9b9728791f_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:52ab915f5a790a05f756efb0c5f5ef45f3f9580029dceb4054f522a636e811bf_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:9bce8a272554dad1cb79e08629bbacba5fdcd022083f9e6c95cdd2a5b98b0e62_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:cf8f9082509467538880188013567d671c666b50fcc8d9554cfd9630d43dc056_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "RHBZ#2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"release_date": "2026-04-06T16:22:45.353000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T13:08:36+00:00",
"details": "For more information about Assisted Installer, see the following documentation:\n\nhttps://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/clusters/cluster_mce_overview#cim-intro\n\nFor multicluster engine for Kubernetes, see the following documentation for\ndetails on how to install the images:\n\nhttps://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/clusters/cluster_mce_overview#mce-install-intro\n\nThis documentation will be available after the general availability release of Red Hat Advanced Cluster Management 2.15.",
"product_ids": [
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:10fa93f21c1452b729b6496984d3a40d104eb4b0d97aa18ac1b7def1260da1b1_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:2e9a932c8fa8300300b855cf9cae629cdafe46de59aae0b1c8592a4b38f3ad27_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:bc322f9d13d2d933d790f1e10cc5999369987f716f270be26ade5dc0cd1caa65_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:eef0df18ed2293d18c2b686e977b7aaedcaeeb25ab28e9689ddded9cffd4dbaf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19099"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:5d24f1068bac5555543881c41e5231d350ddcc9969b46dee50534727230679a8_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:975b240b2e2f7eb955bd06acf36a9e3a4da8dbeb579ec23fb855da954c4ed46d_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:a6fbb0152c42ec1ebaf91366028901d68d3eb20ab0a117d8558ebecf0bf8b1c9_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:fba8bf16dc461879e3669e81252229c0beb278efbea3193245fe3320eb0ad56d_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:01eb4feec1f88060499ba1d6dfcae4932542ff7ed45fa527522906b24f49798d_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:1ec213a62c21a2b8da457e35499b0c1330b58638a2adfd8c44d647c73fbf7e1c_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:33427bfd363db78d04996f37352b5dd77eb5ccde30055fd1bc49bd11a80af57c_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7cab87bbc7c0de99680e959fc78ab84b9cd63f5929a11200a00180cc4aa8e86e_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:055922c629f46db60d21bc850a65eff3e1dd8cb2428591d464c6a9f5cfb97951_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:0d5e3dca2317ddf5a25054606e06daf60592b6701e7451c2b2f65801f949aaf0_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:dbc2a04e7b9305d604e470225546610b2820349c276886ca0a57c6740b3b9080_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:f2dbe411f3af386282fa458544ce9c4f36d3a0f64e4a6d6efebd3c7087368779_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0befdb95081a251d79e7e629ffd31f367e8c61377fa9cc1786b11b9b9728791f_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:52ab915f5a790a05f756efb0c5f5ef45f3f9580029dceb4054f522a636e811bf_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:9bce8a272554dad1cb79e08629bbacba5fdcd022083f9e6c95cdd2a5b98b0e62_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:cf8f9082509467538880188013567d671c666b50fcc8d9554cfd9630d43dc056_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:10fa93f21c1452b729b6496984d3a40d104eb4b0d97aa18ac1b7def1260da1b1_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:2e9a932c8fa8300300b855cf9cae629cdafe46de59aae0b1c8592a4b38f3ad27_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:bc322f9d13d2d933d790f1e10cc5999369987f716f270be26ade5dc0cd1caa65_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:eef0df18ed2293d18c2b686e977b7aaedcaeeb25ab28e9689ddded9cffd4dbaf_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:5d24f1068bac5555543881c41e5231d350ddcc9969b46dee50534727230679a8_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:975b240b2e2f7eb955bd06acf36a9e3a4da8dbeb579ec23fb855da954c4ed46d_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:a6fbb0152c42ec1ebaf91366028901d68d3eb20ab0a117d8558ebecf0bf8b1c9_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:fba8bf16dc461879e3669e81252229c0beb278efbea3193245fe3320eb0ad56d_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:01eb4feec1f88060499ba1d6dfcae4932542ff7ed45fa527522906b24f49798d_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:1ec213a62c21a2b8da457e35499b0c1330b58638a2adfd8c44d647c73fbf7e1c_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:33427bfd363db78d04996f37352b5dd77eb5ccde30055fd1bc49bd11a80af57c_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7cab87bbc7c0de99680e959fc78ab84b9cd63f5929a11200a00180cc4aa8e86e_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:055922c629f46db60d21bc850a65eff3e1dd8cb2428591d464c6a9f5cfb97951_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:0d5e3dca2317ddf5a25054606e06daf60592b6701e7451c2b2f65801f949aaf0_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:dbc2a04e7b9305d604e470225546610b2820349c276886ca0a57c6740b3b9080_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:f2dbe411f3af386282fa458544ce9c4f36d3a0f64e4a6d6efebd3c7087368779_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0befdb95081a251d79e7e629ffd31f367e8c61377fa9cc1786b11b9b9728791f_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:52ab915f5a790a05f756efb0c5f5ef45f3f9580029dceb4054f522a636e811bf_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:9bce8a272554dad1cb79e08629bbacba5fdcd022083f9e6c95cdd2a5b98b0e62_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:cf8f9082509467538880188013567d671c666b50fcc8d9554cfd9630d43dc056_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:10fa93f21c1452b729b6496984d3a40d104eb4b0d97aa18ac1b7def1260da1b1_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:2e9a932c8fa8300300b855cf9cae629cdafe46de59aae0b1c8592a4b38f3ad27_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:bc322f9d13d2d933d790f1e10cc5999369987f716f270be26ade5dc0cd1caa65_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:eef0df18ed2293d18c2b686e977b7aaedcaeeb25ab28e9689ddded9cffd4dbaf_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
},
{
"cve": "CVE-2026-35469",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-13T03:52:35+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:5d24f1068bac5555543881c41e5231d350ddcc9969b46dee50534727230679a8_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:975b240b2e2f7eb955bd06acf36a9e3a4da8dbeb579ec23fb855da954c4ed46d_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:a6fbb0152c42ec1ebaf91366028901d68d3eb20ab0a117d8558ebecf0bf8b1c9_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:fba8bf16dc461879e3669e81252229c0beb278efbea3193245fe3320eb0ad56d_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:01eb4feec1f88060499ba1d6dfcae4932542ff7ed45fa527522906b24f49798d_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:1ec213a62c21a2b8da457e35499b0c1330b58638a2adfd8c44d647c73fbf7e1c_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:33427bfd363db78d04996f37352b5dd77eb5ccde30055fd1bc49bd11a80af57c_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7cab87bbc7c0de99680e959fc78ab84b9cd63f5929a11200a00180cc4aa8e86e_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:055922c629f46db60d21bc850a65eff3e1dd8cb2428591d464c6a9f5cfb97951_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:0d5e3dca2317ddf5a25054606e06daf60592b6701e7451c2b2f65801f949aaf0_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:dbc2a04e7b9305d604e470225546610b2820349c276886ca0a57c6740b3b9080_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:f2dbe411f3af386282fa458544ce9c4f36d3a0f64e4a6d6efebd3c7087368779_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0befdb95081a251d79e7e629ffd31f367e8c61377fa9cc1786b11b9b9728791f_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:52ab915f5a790a05f756efb0c5f5ef45f3f9580029dceb4054f522a636e811bf_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:9bce8a272554dad1cb79e08629bbacba5fdcd022083f9e6c95cdd2a5b98b0e62_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:cf8f9082509467538880188013567d671c666b50fcc8d9554cfd9630d43dc056_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2457729"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the SPDY streaming code used by Kubelet, CRI-O, and kube-apiserver. An attacker with specific cluster roles, such as those allowing access to pod port forwarding, execution, or attachment, or node proxying, could exploit this vulnerability. This could lead to a Denial of Service (DoS) by causing the affected components to become unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Kubelet: CRI-O: kube-apiserver: Kubelet, CRI-O, kube-apiserver: Denial of Service via SPDY streaming code",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service flaw affecting OpenShift Container Platform. An attacker with specific elevated cluster roles, such as those permitting pod port forwarding, execution, attachment, or node proxying, could exploit a vulnerability in the SPDY streaming code of Kubelet, CRI-O, and kube-apiserver, leading to unresponsiveness of these critical components.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:10fa93f21c1452b729b6496984d3a40d104eb4b0d97aa18ac1b7def1260da1b1_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:2e9a932c8fa8300300b855cf9cae629cdafe46de59aae0b1c8592a4b38f3ad27_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:bc322f9d13d2d933d790f1e10cc5999369987f716f270be26ade5dc0cd1caa65_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:eef0df18ed2293d18c2b686e977b7aaedcaeeb25ab28e9689ddded9cffd4dbaf_amd64"
],
"known_not_affected": [
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:5d24f1068bac5555543881c41e5231d350ddcc9969b46dee50534727230679a8_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:975b240b2e2f7eb955bd06acf36a9e3a4da8dbeb579ec23fb855da954c4ed46d_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:a6fbb0152c42ec1ebaf91366028901d68d3eb20ab0a117d8558ebecf0bf8b1c9_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:fba8bf16dc461879e3669e81252229c0beb278efbea3193245fe3320eb0ad56d_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:01eb4feec1f88060499ba1d6dfcae4932542ff7ed45fa527522906b24f49798d_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:1ec213a62c21a2b8da457e35499b0c1330b58638a2adfd8c44d647c73fbf7e1c_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:33427bfd363db78d04996f37352b5dd77eb5ccde30055fd1bc49bd11a80af57c_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7cab87bbc7c0de99680e959fc78ab84b9cd63f5929a11200a00180cc4aa8e86e_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:055922c629f46db60d21bc850a65eff3e1dd8cb2428591d464c6a9f5cfb97951_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:0d5e3dca2317ddf5a25054606e06daf60592b6701e7451c2b2f65801f949aaf0_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:dbc2a04e7b9305d604e470225546610b2820349c276886ca0a57c6740b3b9080_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:f2dbe411f3af386282fa458544ce9c4f36d3a0f64e4a6d6efebd3c7087368779_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0befdb95081a251d79e7e629ffd31f367e8c61377fa9cc1786b11b9b9728791f_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:52ab915f5a790a05f756efb0c5f5ef45f3f9580029dceb4054f522a636e811bf_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:9bce8a272554dad1cb79e08629bbacba5fdcd022083f9e6c95cdd2a5b98b0e62_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:cf8f9082509467538880188013567d671c666b50fcc8d9554cfd9630d43dc056_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-35469"
},
{
"category": "external",
"summary": "RHBZ#2457729",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457729"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-35469",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35469"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-35469",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35469"
}
],
"release_date": "2026-04-13T23:59:59+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T13:08:36+00:00",
"details": "For more information about Assisted Installer, see the following documentation:\n\nhttps://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/clusters/cluster_mce_overview#cim-intro\n\nFor multicluster engine for Kubernetes, see the following documentation for\ndetails on how to install the images:\n\nhttps://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/clusters/cluster_mce_overview#mce-install-intro\n\nThis documentation will be available after the general availability release of Red Hat Advanced Cluster Management 2.15.",
"product_ids": [
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:10fa93f21c1452b729b6496984d3a40d104eb4b0d97aa18ac1b7def1260da1b1_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:2e9a932c8fa8300300b855cf9cae629cdafe46de59aae0b1c8592a4b38f3ad27_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:bc322f9d13d2d933d790f1e10cc5999369987f716f270be26ade5dc0cd1caa65_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:eef0df18ed2293d18c2b686e977b7aaedcaeeb25ab28e9689ddded9cffd4dbaf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19099"
},
{
"category": "workaround",
"details": "To mitigate this issue, review and restrict the assignment of Kubernetes cluster roles `pods/portforward (create)`, `pods/exec (create)`, `pods/attach (create)`, and `nodes/proxy (get/create)` to untrusted users or service accounts. Ensure that only authorized and necessary entities possess these permissions. Modifying RBAC policies can impact the functionality of applications and services that rely on these permissions; careful testing is recommended.",
"product_ids": [
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:5d24f1068bac5555543881c41e5231d350ddcc9969b46dee50534727230679a8_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:975b240b2e2f7eb955bd06acf36a9e3a4da8dbeb579ec23fb855da954c4ed46d_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:a6fbb0152c42ec1ebaf91366028901d68d3eb20ab0a117d8558ebecf0bf8b1c9_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:fba8bf16dc461879e3669e81252229c0beb278efbea3193245fe3320eb0ad56d_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:01eb4feec1f88060499ba1d6dfcae4932542ff7ed45fa527522906b24f49798d_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:1ec213a62c21a2b8da457e35499b0c1330b58638a2adfd8c44d647c73fbf7e1c_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:33427bfd363db78d04996f37352b5dd77eb5ccde30055fd1bc49bd11a80af57c_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7cab87bbc7c0de99680e959fc78ab84b9cd63f5929a11200a00180cc4aa8e86e_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:055922c629f46db60d21bc850a65eff3e1dd8cb2428591d464c6a9f5cfb97951_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:0d5e3dca2317ddf5a25054606e06daf60592b6701e7451c2b2f65801f949aaf0_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:dbc2a04e7b9305d604e470225546610b2820349c276886ca0a57c6740b3b9080_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:f2dbe411f3af386282fa458544ce9c4f36d3a0f64e4a6d6efebd3c7087368779_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0befdb95081a251d79e7e629ffd31f367e8c61377fa9cc1786b11b9b9728791f_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:52ab915f5a790a05f756efb0c5f5ef45f3f9580029dceb4054f522a636e811bf_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:9bce8a272554dad1cb79e08629bbacba5fdcd022083f9e6c95cdd2a5b98b0e62_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:cf8f9082509467538880188013567d671c666b50fcc8d9554cfd9630d43dc056_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:10fa93f21c1452b729b6496984d3a40d104eb4b0d97aa18ac1b7def1260da1b1_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:2e9a932c8fa8300300b855cf9cae629cdafe46de59aae0b1c8592a4b38f3ad27_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:bc322f9d13d2d933d790f1e10cc5999369987f716f270be26ade5dc0cd1caa65_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:eef0df18ed2293d18c2b686e977b7aaedcaeeb25ab28e9689ddded9cffd4dbaf_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:5d24f1068bac5555543881c41e5231d350ddcc9969b46dee50534727230679a8_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:975b240b2e2f7eb955bd06acf36a9e3a4da8dbeb579ec23fb855da954c4ed46d_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:a6fbb0152c42ec1ebaf91366028901d68d3eb20ab0a117d8558ebecf0bf8b1c9_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:fba8bf16dc461879e3669e81252229c0beb278efbea3193245fe3320eb0ad56d_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:01eb4feec1f88060499ba1d6dfcae4932542ff7ed45fa527522906b24f49798d_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:1ec213a62c21a2b8da457e35499b0c1330b58638a2adfd8c44d647c73fbf7e1c_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:33427bfd363db78d04996f37352b5dd77eb5ccde30055fd1bc49bd11a80af57c_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7cab87bbc7c0de99680e959fc78ab84b9cd63f5929a11200a00180cc4aa8e86e_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:055922c629f46db60d21bc850a65eff3e1dd8cb2428591d464c6a9f5cfb97951_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:0d5e3dca2317ddf5a25054606e06daf60592b6701e7451c2b2f65801f949aaf0_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:dbc2a04e7b9305d604e470225546610b2820349c276886ca0a57c6740b3b9080_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:f2dbe411f3af386282fa458544ce9c4f36d3a0f64e4a6d6efebd3c7087368779_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0befdb95081a251d79e7e629ffd31f367e8c61377fa9cc1786b11b9b9728791f_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:52ab915f5a790a05f756efb0c5f5ef45f3f9580029dceb4054f522a636e811bf_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:9bce8a272554dad1cb79e08629bbacba5fdcd022083f9e6c95cdd2a5b98b0e62_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:cf8f9082509467538880188013567d671c666b50fcc8d9554cfd9630d43dc056_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:10fa93f21c1452b729b6496984d3a40d104eb4b0d97aa18ac1b7def1260da1b1_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:2e9a932c8fa8300300b855cf9cae629cdafe46de59aae0b1c8592a4b38f3ad27_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:bc322f9d13d2d933d790f1e10cc5999369987f716f270be26ade5dc0cd1caa65_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:eef0df18ed2293d18c2b686e977b7aaedcaeeb25ab28e9689ddded9cffd4dbaf_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Kubelet: CRI-O: kube-apiserver: Kubelet, CRI-O, kube-apiserver: Denial of Service via SPDY streaming code"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…