RHSA-2026:2256
Vulnerability from csaf_redhat - Published: 2026-02-09 01:49 - Updated: 2026-02-12 09:51
Summary
Red Hat Security Advisory: Red Hat multicluster global hub 1.5.3 security update
Notes
Topic
Red Hat multicluster global hub v1.5.3 general availability release images, which provide security fixes, bug fixes, and updated container images.
Red Hat Product Security has rated this update as having a security impact of Important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.
Details
Red Hat multicluster global hub is a set of components that enable you to import one or more hub clusters and manage them from a single hub cluster.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat multicluster global hub v1.5.3 general availability release images, which provide security fixes, bug fixes, and updated container images.\n\nRed Hat Product Security has rated this update as having a security impact of Important. \nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat multicluster global hub is a set of components that enable you to import one or more hub clusters and manage them from a single hub cluster.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2256",
"url": "https://access.redhat.com/errata/RHSA-2026:2256"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12816",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15284",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66418",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66471",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68429",
"url": "https://access.redhat.com/security/cve/CVE-2025-68429"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-21441",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2256.json"
}
],
"title": "Red Hat Security Advisory: Red Hat multicluster global hub 1.5.3 security update",
"tracking": {
"current_release_date": "2026-02-12T09:51:54+00:00",
"generator": {
"date": "2026-02-12T09:51:54+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2256",
"initial_release_date": "2026-02-09T01:49:44+00:00",
"revision_history": [
{
"date": "2026-02-09T01:49:44+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-09T01:49:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-12T09:51:54+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat multicluster global hub 1.5.3",
"product": {
"name": "Red Hat multicluster global hub 1.5.3",
"product_id": "Red Hat multicluster global hub 1.5.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:multicluster_globalhub:1.5::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat multicluster global hub"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c360b6c6f742fb8099e1155dbcca719493084968c00506eda2e251d7706c4dff_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c360b6c6f742fb8099e1155dbcca719493084968c00506eda2e251d7706c4dff_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c360b6c6f742fb8099e1155dbcca719493084968c00506eda2e251d7706c4dff_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3Ac360b6c6f742fb8099e1155dbcca719493084968c00506eda2e251d7706c4dff?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1770109405"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f91a72e4c89b3cf646505ab2a3aad8457b159a3c2de5e9908aaca35389f01153_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f91a72e4c89b3cf646505ab2a3aad8457b159a3c2de5e9908aaca35389f01153_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f91a72e4c89b3cf646505ab2a3aad8457b159a3c2de5e9908aaca35389f01153_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3Af91a72e4c89b3cf646505ab2a3aad8457b159a3c2de5e9908aaca35389f01153?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1770112233"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3d278f0a951bace167aede4fe297422c5acecf9d3a9a8b9f7afa71a610983d0a_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3d278f0a951bace167aede4fe297422c5acecf9d3a9a8b9f7afa71a610983d0a_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3d278f0a951bace167aede4fe297422c5acecf9d3a9a8b9f7afa71a610983d0a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3A3d278f0a951bace167aede4fe297422c5acecf9d3a9a8b9f7afa71a610983d0a?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1770112094"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3f81ee9fd7755e0bedf48d3c7afd3ccf8f4fb6b338133efd1360e65a5a90c386_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3f81ee9fd7755e0bedf48d3c7afd3ccf8f4fb6b338133efd1360e65a5a90c386_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3f81ee9fd7755e0bedf48d3c7afd3ccf8f4fb6b338133efd1360e65a5a90c386_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-operator-bundle@sha256%3A3f81ee9fd7755e0bedf48d3c7afd3ccf8f4fb6b338133efd1360e65a5a90c386?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1770124784"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:690e7fb759c6be1e04f7a0aad07bf9a0eee936a2366fc1ad3ba9dafe7ef8b9cd_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:690e7fb759c6be1e04f7a0aad07bf9a0eee936a2366fc1ad3ba9dafe7ef8b9cd_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:690e7fb759c6be1e04f7a0aad07bf9a0eee936a2366fc1ad3ba9dafe7ef8b9cd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3A690e7fb759c6be1e04f7a0aad07bf9a0eee936a2366fc1ad3ba9dafe7ef8b9cd?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1770113032"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:a6d74a6341b8333885d75f5b51fa5998017d10833876c6a09dfec72d8d5e672c_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:a6d74a6341b8333885d75f5b51fa5998017d10833876c6a09dfec72d8d5e672c_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:a6d74a6341b8333885d75f5b51fa5998017d10833876c6a09dfec72d8d5e672c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3Aa6d74a6341b8333885d75f5b51fa5998017d10833876c6a09dfec72d8d5e672c?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1769643671"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:dc828bf3a86cb0680173e896579f7bd411a0e4f0962ab0ed9903e69c65c13a26_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:dc828bf3a86cb0680173e896579f7bd411a0e4f0962ab0ed9903e69c65c13a26_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:dc828bf3a86cb0680173e896579f7bd411a0e4f0962ab0ed9903e69c65c13a26_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3Adc828bf3a86cb0680173e896579f7bd411a0e4f0962ab0ed9903e69c65c13a26?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1770109405"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dcbdff150742e549f0bce567bfbd117c0c63c49ea6817f67109833b1e94ef0c3_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dcbdff150742e549f0bce567bfbd117c0c63c49ea6817f67109833b1e94ef0c3_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dcbdff150742e549f0bce567bfbd117c0c63c49ea6817f67109833b1e94ef0c3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3Adcbdff150742e549f0bce567bfbd117c0c63c49ea6817f67109833b1e94ef0c3?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1770112233"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:34776d2d4c468f6da8137323cf284e72e66919a7f3e2a84c9e699a50d064179f_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:34776d2d4c468f6da8137323cf284e72e66919a7f3e2a84c9e699a50d064179f_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:34776d2d4c468f6da8137323cf284e72e66919a7f3e2a84c9e699a50d064179f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3A34776d2d4c468f6da8137323cf284e72e66919a7f3e2a84c9e699a50d064179f?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1770112094"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c9f875963c8f28eba52965eaf1fbddecdc57e076d117f283f7e3fe91eee5fb5c_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c9f875963c8f28eba52965eaf1fbddecdc57e076d117f283f7e3fe91eee5fb5c_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c9f875963c8f28eba52965eaf1fbddecdc57e076d117f283f7e3fe91eee5fb5c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3Ac9f875963c8f28eba52965eaf1fbddecdc57e076d117f283f7e3fe91eee5fb5c?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1770113032"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:48184ec85768d791a0b8a96a15794f0e0f7f6f54ade9b40b782ef9c4f0b4eb5b_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:48184ec85768d791a0b8a96a15794f0e0f7f6f54ade9b40b782ef9c4f0b4eb5b_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:48184ec85768d791a0b8a96a15794f0e0f7f6f54ade9b40b782ef9c4f0b4eb5b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3A48184ec85768d791a0b8a96a15794f0e0f7f6f54ade9b40b782ef9c4f0b4eb5b?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1769643671"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:bbe544ff9335b6d8b9900d3153e3b935173b0f6c0a0a462a4f3db3143fa62d5b_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:bbe544ff9335b6d8b9900d3153e3b935173b0f6c0a0a462a4f3db3143fa62d5b_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:bbe544ff9335b6d8b9900d3153e3b935173b0f6c0a0a462a4f3db3143fa62d5b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3Abbe544ff9335b6d8b9900d3153e3b935173b0f6c0a0a462a4f3db3143fa62d5b?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1770109405"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fd8ad9e8f5e1eee77c9b7410d14f5ee01f38bee09935065a2b7d33c39c844e3b_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fd8ad9e8f5e1eee77c9b7410d14f5ee01f38bee09935065a2b7d33c39c844e3b_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fd8ad9e8f5e1eee77c9b7410d14f5ee01f38bee09935065a2b7d33c39c844e3b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3Afd8ad9e8f5e1eee77c9b7410d14f5ee01f38bee09935065a2b7d33c39c844e3b?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1770112233"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ae22809ffeede1eba4bbcdddb0b712dec45c30148c7cb39128a872f072b59972_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ae22809ffeede1eba4bbcdddb0b712dec45c30148c7cb39128a872f072b59972_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ae22809ffeede1eba4bbcdddb0b712dec45c30148c7cb39128a872f072b59972_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3Aae22809ffeede1eba4bbcdddb0b712dec45c30148c7cb39128a872f072b59972?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1770112094"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f35eface5a07a2ee689969466e9162c65cd2660176fdc699776cf057cedb5e81_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f35eface5a07a2ee689969466e9162c65cd2660176fdc699776cf057cedb5e81_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f35eface5a07a2ee689969466e9162c65cd2660176fdc699776cf057cedb5e81_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3Af35eface5a07a2ee689969466e9162c65cd2660176fdc699776cf057cedb5e81?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1770113032"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39f4686f26cc8bec840f6c77088935e05d8e822be15f63f55d1de58e0ff9cdcc_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39f4686f26cc8bec840f6c77088935e05d8e822be15f63f55d1de58e0ff9cdcc_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39f4686f26cc8bec840f6c77088935e05d8e822be15f63f55d1de58e0ff9cdcc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3A39f4686f26cc8bec840f6c77088935e05d8e822be15f63f55d1de58e0ff9cdcc?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1769643671"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:65e1e93c8ea20fe257ac85c371404df1b13c1966e07b0b5d605ae30ef0cec42f_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:65e1e93c8ea20fe257ac85c371404df1b13c1966e07b0b5d605ae30ef0cec42f_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:65e1e93c8ea20fe257ac85c371404df1b13c1966e07b0b5d605ae30ef0cec42f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3A65e1e93c8ea20fe257ac85c371404df1b13c1966e07b0b5d605ae30ef0cec42f?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1770109405"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1f5bd44374885ad72d52fe069a09b2270f42da2e29fb688357a637b9dd1893aa_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1f5bd44374885ad72d52fe069a09b2270f42da2e29fb688357a637b9dd1893aa_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1f5bd44374885ad72d52fe069a09b2270f42da2e29fb688357a637b9dd1893aa_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3A1f5bd44374885ad72d52fe069a09b2270f42da2e29fb688357a637b9dd1893aa?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1770112233"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:868a8557d8781e1c69748b98da394af9612d0880220fff1d693377cf833be711_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:868a8557d8781e1c69748b98da394af9612d0880220fff1d693377cf833be711_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:868a8557d8781e1c69748b98da394af9612d0880220fff1d693377cf833be711_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3A868a8557d8781e1c69748b98da394af9612d0880220fff1d693377cf833be711?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1770112094"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b6efb2a533db272b844688e44d6af15f271a00053c1515496b091e4b6909e850_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b6efb2a533db272b844688e44d6af15f271a00053c1515496b091e4b6909e850_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b6efb2a533db272b844688e44d6af15f271a00053c1515496b091e4b6909e850_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3Ab6efb2a533db272b844688e44d6af15f271a00053c1515496b091e4b6909e850?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1770113032"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bedf96d186a5ad327b07ad886ee71351d4c98d47642cb44a29dc15ce8e20ed16_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bedf96d186a5ad327b07ad886ee71351d4c98d47642cb44a29dc15ce8e20ed16_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bedf96d186a5ad327b07ad886ee71351d4c98d47642cb44a29dc15ce8e20ed16_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3Abedf96d186a5ad327b07ad886ee71351d4c98d47642cb44a29dc15ce8e20ed16?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1769643671"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1f5bd44374885ad72d52fe069a09b2270f42da2e29fb688357a637b9dd1893aa_arm64 as a component of Red Hat multicluster global hub 1.5.3",
"product_id": "Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1f5bd44374885ad72d52fe069a09b2270f42da2e29fb688357a637b9dd1893aa_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1f5bd44374885ad72d52fe069a09b2270f42da2e29fb688357a637b9dd1893aa_arm64",
"relates_to_product_reference": "Red Hat multicluster global hub 1.5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dcbdff150742e549f0bce567bfbd117c0c63c49ea6817f67109833b1e94ef0c3_ppc64le as a component of Red Hat multicluster global hub 1.5.3",
"product_id": "Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dcbdff150742e549f0bce567bfbd117c0c63c49ea6817f67109833b1e94ef0c3_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dcbdff150742e549f0bce567bfbd117c0c63c49ea6817f67109833b1e94ef0c3_ppc64le",
"relates_to_product_reference": "Red Hat multicluster global hub 1.5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f91a72e4c89b3cf646505ab2a3aad8457b159a3c2de5e9908aaca35389f01153_amd64 as a component of Red Hat multicluster global hub 1.5.3",
"product_id": "Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f91a72e4c89b3cf646505ab2a3aad8457b159a3c2de5e9908aaca35389f01153_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f91a72e4c89b3cf646505ab2a3aad8457b159a3c2de5e9908aaca35389f01153_amd64",
"relates_to_product_reference": "Red Hat multicluster global hub 1.5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fd8ad9e8f5e1eee77c9b7410d14f5ee01f38bee09935065a2b7d33c39c844e3b_s390x as a component of Red Hat multicluster global hub 1.5.3",
"product_id": "Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fd8ad9e8f5e1eee77c9b7410d14f5ee01f38bee09935065a2b7d33c39c844e3b_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fd8ad9e8f5e1eee77c9b7410d14f5ee01f38bee09935065a2b7d33c39c844e3b_s390x",
"relates_to_product_reference": "Red Hat multicluster global hub 1.5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:65e1e93c8ea20fe257ac85c371404df1b13c1966e07b0b5d605ae30ef0cec42f_arm64 as a component of Red Hat multicluster global hub 1.5.3",
"product_id": "Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:65e1e93c8ea20fe257ac85c371404df1b13c1966e07b0b5d605ae30ef0cec42f_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:65e1e93c8ea20fe257ac85c371404df1b13c1966e07b0b5d605ae30ef0cec42f_arm64",
"relates_to_product_reference": "Red Hat multicluster global hub 1.5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:bbe544ff9335b6d8b9900d3153e3b935173b0f6c0a0a462a4f3db3143fa62d5b_s390x as a component of Red Hat multicluster global hub 1.5.3",
"product_id": "Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:bbe544ff9335b6d8b9900d3153e3b935173b0f6c0a0a462a4f3db3143fa62d5b_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:bbe544ff9335b6d8b9900d3153e3b935173b0f6c0a0a462a4f3db3143fa62d5b_s390x",
"relates_to_product_reference": "Red Hat multicluster global hub 1.5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c360b6c6f742fb8099e1155dbcca719493084968c00506eda2e251d7706c4dff_amd64 as a component of Red Hat multicluster global hub 1.5.3",
"product_id": "Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c360b6c6f742fb8099e1155dbcca719493084968c00506eda2e251d7706c4dff_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c360b6c6f742fb8099e1155dbcca719493084968c00506eda2e251d7706c4dff_amd64",
"relates_to_product_reference": "Red Hat multicluster global hub 1.5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:dc828bf3a86cb0680173e896579f7bd411a0e4f0962ab0ed9903e69c65c13a26_ppc64le as a component of Red Hat multicluster global hub 1.5.3",
"product_id": "Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:dc828bf3a86cb0680173e896579f7bd411a0e4f0962ab0ed9903e69c65c13a26_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:dc828bf3a86cb0680173e896579f7bd411a0e4f0962ab0ed9903e69c65c13a26_ppc64le",
"relates_to_product_reference": "Red Hat multicluster global hub 1.5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:34776d2d4c468f6da8137323cf284e72e66919a7f3e2a84c9e699a50d064179f_ppc64le as a component of Red Hat multicluster global hub 1.5.3",
"product_id": "Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:34776d2d4c468f6da8137323cf284e72e66919a7f3e2a84c9e699a50d064179f_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:34776d2d4c468f6da8137323cf284e72e66919a7f3e2a84c9e699a50d064179f_ppc64le",
"relates_to_product_reference": "Red Hat multicluster global hub 1.5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3d278f0a951bace167aede4fe297422c5acecf9d3a9a8b9f7afa71a610983d0a_amd64 as a component of Red Hat multicluster global hub 1.5.3",
"product_id": "Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3d278f0a951bace167aede4fe297422c5acecf9d3a9a8b9f7afa71a610983d0a_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3d278f0a951bace167aede4fe297422c5acecf9d3a9a8b9f7afa71a610983d0a_amd64",
"relates_to_product_reference": "Red Hat multicluster global hub 1.5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:868a8557d8781e1c69748b98da394af9612d0880220fff1d693377cf833be711_arm64 as a component of Red Hat multicluster global hub 1.5.3",
"product_id": "Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:868a8557d8781e1c69748b98da394af9612d0880220fff1d693377cf833be711_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:868a8557d8781e1c69748b98da394af9612d0880220fff1d693377cf833be711_arm64",
"relates_to_product_reference": "Red Hat multicluster global hub 1.5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ae22809ffeede1eba4bbcdddb0b712dec45c30148c7cb39128a872f072b59972_s390x as a component of Red Hat multicluster global hub 1.5.3",
"product_id": "Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ae22809ffeede1eba4bbcdddb0b712dec45c30148c7cb39128a872f072b59972_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ae22809ffeede1eba4bbcdddb0b712dec45c30148c7cb39128a872f072b59972_s390x",
"relates_to_product_reference": "Red Hat multicluster global hub 1.5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3f81ee9fd7755e0bedf48d3c7afd3ccf8f4fb6b338133efd1360e65a5a90c386_amd64 as a component of Red Hat multicluster global hub 1.5.3",
"product_id": "Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3f81ee9fd7755e0bedf48d3c7afd3ccf8f4fb6b338133efd1360e65a5a90c386_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3f81ee9fd7755e0bedf48d3c7afd3ccf8f4fb6b338133efd1360e65a5a90c386_amd64",
"relates_to_product_reference": "Red Hat multicluster global hub 1.5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39f4686f26cc8bec840f6c77088935e05d8e822be15f63f55d1de58e0ff9cdcc_s390x as a component of Red Hat multicluster global hub 1.5.3",
"product_id": "Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39f4686f26cc8bec840f6c77088935e05d8e822be15f63f55d1de58e0ff9cdcc_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39f4686f26cc8bec840f6c77088935e05d8e822be15f63f55d1de58e0ff9cdcc_s390x",
"relates_to_product_reference": "Red Hat multicluster global hub 1.5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:48184ec85768d791a0b8a96a15794f0e0f7f6f54ade9b40b782ef9c4f0b4eb5b_ppc64le as a component of Red Hat multicluster global hub 1.5.3",
"product_id": "Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:48184ec85768d791a0b8a96a15794f0e0f7f6f54ade9b40b782ef9c4f0b4eb5b_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:48184ec85768d791a0b8a96a15794f0e0f7f6f54ade9b40b782ef9c4f0b4eb5b_ppc64le",
"relates_to_product_reference": "Red Hat multicluster global hub 1.5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:a6d74a6341b8333885d75f5b51fa5998017d10833876c6a09dfec72d8d5e672c_amd64 as a component of Red Hat multicluster global hub 1.5.3",
"product_id": "Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:a6d74a6341b8333885d75f5b51fa5998017d10833876c6a09dfec72d8d5e672c_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:a6d74a6341b8333885d75f5b51fa5998017d10833876c6a09dfec72d8d5e672c_amd64",
"relates_to_product_reference": "Red Hat multicluster global hub 1.5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bedf96d186a5ad327b07ad886ee71351d4c98d47642cb44a29dc15ce8e20ed16_arm64 as a component of Red Hat multicluster global hub 1.5.3",
"product_id": "Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bedf96d186a5ad327b07ad886ee71351d4c98d47642cb44a29dc15ce8e20ed16_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bedf96d186a5ad327b07ad886ee71351d4c98d47642cb44a29dc15ce8e20ed16_arm64",
"relates_to_product_reference": "Red Hat multicluster global hub 1.5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:690e7fb759c6be1e04f7a0aad07bf9a0eee936a2366fc1ad3ba9dafe7ef8b9cd_amd64 as a component of Red Hat multicluster global hub 1.5.3",
"product_id": "Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:690e7fb759c6be1e04f7a0aad07bf9a0eee936a2366fc1ad3ba9dafe7ef8b9cd_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:690e7fb759c6be1e04f7a0aad07bf9a0eee936a2366fc1ad3ba9dafe7ef8b9cd_amd64",
"relates_to_product_reference": "Red Hat multicluster global hub 1.5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b6efb2a533db272b844688e44d6af15f271a00053c1515496b091e4b6909e850_arm64 as a component of Red Hat multicluster global hub 1.5.3",
"product_id": "Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b6efb2a533db272b844688e44d6af15f271a00053c1515496b091e4b6909e850_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b6efb2a533db272b844688e44d6af15f271a00053c1515496b091e4b6909e850_arm64",
"relates_to_product_reference": "Red Hat multicluster global hub 1.5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c9f875963c8f28eba52965eaf1fbddecdc57e076d117f283f7e3fe91eee5fb5c_ppc64le as a component of Red Hat multicluster global hub 1.5.3",
"product_id": "Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c9f875963c8f28eba52965eaf1fbddecdc57e076d117f283f7e3fe91eee5fb5c_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c9f875963c8f28eba52965eaf1fbddecdc57e076d117f283f7e3fe91eee5fb5c_ppc64le",
"relates_to_product_reference": "Red Hat multicluster global hub 1.5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f35eface5a07a2ee689969466e9162c65cd2660176fdc699776cf057cedb5e81_s390x as a component of Red Hat multicluster global hub 1.5.3",
"product_id": "Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f35eface5a07a2ee689969466e9162c65cd2660176fdc699776cf057cedb5e81_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f35eface5a07a2ee689969466e9162c65cd2660176fdc699776cf057cedb5e81_s390x",
"relates_to_product_reference": "Red Hat multicluster global hub 1.5.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2025-11-25T20:01:05.875196+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1f5bd44374885ad72d52fe069a09b2270f42da2e29fb688357a637b9dd1893aa_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dcbdff150742e549f0bce567bfbd117c0c63c49ea6817f67109833b1e94ef0c3_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f91a72e4c89b3cf646505ab2a3aad8457b159a3c2de5e9908aaca35389f01153_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fd8ad9e8f5e1eee77c9b7410d14f5ee01f38bee09935065a2b7d33c39c844e3b_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:34776d2d4c468f6da8137323cf284e72e66919a7f3e2a84c9e699a50d064179f_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3d278f0a951bace167aede4fe297422c5acecf9d3a9a8b9f7afa71a610983d0a_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:868a8557d8781e1c69748b98da394af9612d0880220fff1d693377cf833be711_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ae22809ffeede1eba4bbcdddb0b712dec45c30148c7cb39128a872f072b59972_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3f81ee9fd7755e0bedf48d3c7afd3ccf8f4fb6b338133efd1360e65a5a90c386_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39f4686f26cc8bec840f6c77088935e05d8e822be15f63f55d1de58e0ff9cdcc_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:48184ec85768d791a0b8a96a15794f0e0f7f6f54ade9b40b782ef9c4f0b4eb5b_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:a6d74a6341b8333885d75f5b51fa5998017d10833876c6a09dfec72d8d5e672c_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bedf96d186a5ad327b07ad886ee71351d4c98d47642cb44a29dc15ce8e20ed16_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:690e7fb759c6be1e04f7a0aad07bf9a0eee936a2366fc1ad3ba9dafe7ef8b9cd_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b6efb2a533db272b844688e44d6af15f271a00053c1515496b091e4b6909e850_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c9f875963c8f28eba52965eaf1fbddecdc57e076d117f283f7e3fe91eee5fb5c_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f35eface5a07a2ee689969466e9162c65cd2660176fdc699776cf057cedb5e81_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417097"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:65e1e93c8ea20fe257ac85c371404df1b13c1966e07b0b5d605ae30ef0cec42f_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:bbe544ff9335b6d8b9900d3153e3b935173b0f6c0a0a462a4f3db3143fa62d5b_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c360b6c6f742fb8099e1155dbcca719493084968c00506eda2e251d7706c4dff_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:dc828bf3a86cb0680173e896579f7bd411a0e4f0962ab0ed9903e69c65c13a26_ppc64le"
],
"known_not_affected": [
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1f5bd44374885ad72d52fe069a09b2270f42da2e29fb688357a637b9dd1893aa_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dcbdff150742e549f0bce567bfbd117c0c63c49ea6817f67109833b1e94ef0c3_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f91a72e4c89b3cf646505ab2a3aad8457b159a3c2de5e9908aaca35389f01153_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fd8ad9e8f5e1eee77c9b7410d14f5ee01f38bee09935065a2b7d33c39c844e3b_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:34776d2d4c468f6da8137323cf284e72e66919a7f3e2a84c9e699a50d064179f_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3d278f0a951bace167aede4fe297422c5acecf9d3a9a8b9f7afa71a610983d0a_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:868a8557d8781e1c69748b98da394af9612d0880220fff1d693377cf833be711_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ae22809ffeede1eba4bbcdddb0b712dec45c30148c7cb39128a872f072b59972_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3f81ee9fd7755e0bedf48d3c7afd3ccf8f4fb6b338133efd1360e65a5a90c386_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39f4686f26cc8bec840f6c77088935e05d8e822be15f63f55d1de58e0ff9cdcc_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:48184ec85768d791a0b8a96a15794f0e0f7f6f54ade9b40b782ef9c4f0b4eb5b_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:a6d74a6341b8333885d75f5b51fa5998017d10833876c6a09dfec72d8d5e672c_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bedf96d186a5ad327b07ad886ee71351d4c98d47642cb44a29dc15ce8e20ed16_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:690e7fb759c6be1e04f7a0aad07bf9a0eee936a2366fc1ad3ba9dafe7ef8b9cd_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b6efb2a533db272b844688e44d6af15f271a00053c1515496b091e4b6909e850_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c9f875963c8f28eba52965eaf1fbddecdc57e076d117f283f7e3fe91eee5fb5c_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f35eface5a07a2ee689969466e9162c65cd2660176fdc699776cf057cedb5e81_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "RHBZ#2417097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge",
"url": "https://github.com/digitalbazaar/forge"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/pull/1124",
"url": "https://github.com/digitalbazaar/forge/pull/1124"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/521113",
"url": "https://kb.cert.org/vuls/id/521113"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/node-forge",
"url": "https://www.npmjs.com/package/node-forge"
}
],
"release_date": "2025-11-25T19:15:50.243000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-09T01:49:44+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:65e1e93c8ea20fe257ac85c371404df1b13c1966e07b0b5d605ae30ef0cec42f_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:bbe544ff9335b6d8b9900d3153e3b935173b0f6c0a0a462a4f3db3143fa62d5b_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c360b6c6f742fb8099e1155dbcca719493084968c00506eda2e251d7706c4dff_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:dc828bf3a86cb0680173e896579f7bd411a0e4f0962ab0ed9903e69c65c13a26_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2256"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1f5bd44374885ad72d52fe069a09b2270f42da2e29fb688357a637b9dd1893aa_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dcbdff150742e549f0bce567bfbd117c0c63c49ea6817f67109833b1e94ef0c3_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f91a72e4c89b3cf646505ab2a3aad8457b159a3c2de5e9908aaca35389f01153_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fd8ad9e8f5e1eee77c9b7410d14f5ee01f38bee09935065a2b7d33c39c844e3b_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:65e1e93c8ea20fe257ac85c371404df1b13c1966e07b0b5d605ae30ef0cec42f_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:bbe544ff9335b6d8b9900d3153e3b935173b0f6c0a0a462a4f3db3143fa62d5b_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c360b6c6f742fb8099e1155dbcca719493084968c00506eda2e251d7706c4dff_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:dc828bf3a86cb0680173e896579f7bd411a0e4f0962ab0ed9903e69c65c13a26_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:34776d2d4c468f6da8137323cf284e72e66919a7f3e2a84c9e699a50d064179f_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3d278f0a951bace167aede4fe297422c5acecf9d3a9a8b9f7afa71a610983d0a_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:868a8557d8781e1c69748b98da394af9612d0880220fff1d693377cf833be711_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ae22809ffeede1eba4bbcdddb0b712dec45c30148c7cb39128a872f072b59972_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3f81ee9fd7755e0bedf48d3c7afd3ccf8f4fb6b338133efd1360e65a5a90c386_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39f4686f26cc8bec840f6c77088935e05d8e822be15f63f55d1de58e0ff9cdcc_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:48184ec85768d791a0b8a96a15794f0e0f7f6f54ade9b40b782ef9c4f0b4eb5b_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:a6d74a6341b8333885d75f5b51fa5998017d10833876c6a09dfec72d8d5e672c_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bedf96d186a5ad327b07ad886ee71351d4c98d47642cb44a29dc15ce8e20ed16_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:690e7fb759c6be1e04f7a0aad07bf9a0eee936a2366fc1ad3ba9dafe7ef8b9cd_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b6efb2a533db272b844688e44d6af15f271a00053c1515496b091e4b6909e850_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c9f875963c8f28eba52965eaf1fbddecdc57e076d117f283f7e3fe91eee5fb5c_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f35eface5a07a2ee689969466e9162c65cd2660176fdc699776cf057cedb5e81_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1f5bd44374885ad72d52fe069a09b2270f42da2e29fb688357a637b9dd1893aa_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dcbdff150742e549f0bce567bfbd117c0c63c49ea6817f67109833b1e94ef0c3_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f91a72e4c89b3cf646505ab2a3aad8457b159a3c2de5e9908aaca35389f01153_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fd8ad9e8f5e1eee77c9b7410d14f5ee01f38bee09935065a2b7d33c39c844e3b_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:65e1e93c8ea20fe257ac85c371404df1b13c1966e07b0b5d605ae30ef0cec42f_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:bbe544ff9335b6d8b9900d3153e3b935173b0f6c0a0a462a4f3db3143fa62d5b_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c360b6c6f742fb8099e1155dbcca719493084968c00506eda2e251d7706c4dff_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:dc828bf3a86cb0680173e896579f7bd411a0e4f0962ab0ed9903e69c65c13a26_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:34776d2d4c468f6da8137323cf284e72e66919a7f3e2a84c9e699a50d064179f_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3d278f0a951bace167aede4fe297422c5acecf9d3a9a8b9f7afa71a610983d0a_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:868a8557d8781e1c69748b98da394af9612d0880220fff1d693377cf833be711_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ae22809ffeede1eba4bbcdddb0b712dec45c30148c7cb39128a872f072b59972_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3f81ee9fd7755e0bedf48d3c7afd3ccf8f4fb6b338133efd1360e65a5a90c386_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39f4686f26cc8bec840f6c77088935e05d8e822be15f63f55d1de58e0ff9cdcc_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:48184ec85768d791a0b8a96a15794f0e0f7f6f54ade9b40b782ef9c4f0b4eb5b_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:a6d74a6341b8333885d75f5b51fa5998017d10833876c6a09dfec72d8d5e672c_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bedf96d186a5ad327b07ad886ee71351d4c98d47642cb44a29dc15ce8e20ed16_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:690e7fb759c6be1e04f7a0aad07bf9a0eee936a2366fc1ad3ba9dafe7ef8b9cd_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b6efb2a533db272b844688e44d6af15f271a00053c1515496b091e4b6909e850_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c9f875963c8f28eba52965eaf1fbddecdc57e076d117f283f7e3fe91eee5fb5c_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f35eface5a07a2ee689969466e9162c65cd2660176fdc699776cf057cedb5e81_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
},
{
"cve": "CVE-2025-15284",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-29T23:00:58.541337+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1f5bd44374885ad72d52fe069a09b2270f42da2e29fb688357a637b9dd1893aa_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dcbdff150742e549f0bce567bfbd117c0c63c49ea6817f67109833b1e94ef0c3_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f91a72e4c89b3cf646505ab2a3aad8457b159a3c2de5e9908aaca35389f01153_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fd8ad9e8f5e1eee77c9b7410d14f5ee01f38bee09935065a2b7d33c39c844e3b_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:34776d2d4c468f6da8137323cf284e72e66919a7f3e2a84c9e699a50d064179f_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3d278f0a951bace167aede4fe297422c5acecf9d3a9a8b9f7afa71a610983d0a_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:868a8557d8781e1c69748b98da394af9612d0880220fff1d693377cf833be711_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ae22809ffeede1eba4bbcdddb0b712dec45c30148c7cb39128a872f072b59972_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3f81ee9fd7755e0bedf48d3c7afd3ccf8f4fb6b338133efd1360e65a5a90c386_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39f4686f26cc8bec840f6c77088935e05d8e822be15f63f55d1de58e0ff9cdcc_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:48184ec85768d791a0b8a96a15794f0e0f7f6f54ade9b40b782ef9c4f0b4eb5b_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:a6d74a6341b8333885d75f5b51fa5998017d10833876c6a09dfec72d8d5e672c_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bedf96d186a5ad327b07ad886ee71351d4c98d47642cb44a29dc15ce8e20ed16_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:690e7fb759c6be1e04f7a0aad07bf9a0eee936a2366fc1ad3ba9dafe7ef8b9cd_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b6efb2a533db272b844688e44d6af15f271a00053c1515496b091e4b6909e850_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c9f875963c8f28eba52965eaf1fbddecdc57e076d117f283f7e3fe91eee5fb5c_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f35eface5a07a2ee689969466e9162c65cd2660176fdc699776cf057cedb5e81_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2425946"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "qs: qs: Denial of Service via improper input validation in array parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that utilize the `qs` module for parsing query strings, particularly when processing user-controlled input with bracket notation. The `arrayLimit` option, intended to prevent resource exhaustion, is bypassed when bracket notation (`a[]=value`) is used, allowing a remote attacker to cause a denial of service through memory exhaustion. This can lead to application crashes or unresponsiveness, making the service unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:65e1e93c8ea20fe257ac85c371404df1b13c1966e07b0b5d605ae30ef0cec42f_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:bbe544ff9335b6d8b9900d3153e3b935173b0f6c0a0a462a4f3db3143fa62d5b_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c360b6c6f742fb8099e1155dbcca719493084968c00506eda2e251d7706c4dff_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:dc828bf3a86cb0680173e896579f7bd411a0e4f0962ab0ed9903e69c65c13a26_ppc64le"
],
"known_not_affected": [
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1f5bd44374885ad72d52fe069a09b2270f42da2e29fb688357a637b9dd1893aa_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dcbdff150742e549f0bce567bfbd117c0c63c49ea6817f67109833b1e94ef0c3_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f91a72e4c89b3cf646505ab2a3aad8457b159a3c2de5e9908aaca35389f01153_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fd8ad9e8f5e1eee77c9b7410d14f5ee01f38bee09935065a2b7d33c39c844e3b_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:34776d2d4c468f6da8137323cf284e72e66919a7f3e2a84c9e699a50d064179f_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3d278f0a951bace167aede4fe297422c5acecf9d3a9a8b9f7afa71a610983d0a_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:868a8557d8781e1c69748b98da394af9612d0880220fff1d693377cf833be711_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ae22809ffeede1eba4bbcdddb0b712dec45c30148c7cb39128a872f072b59972_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3f81ee9fd7755e0bedf48d3c7afd3ccf8f4fb6b338133efd1360e65a5a90c386_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39f4686f26cc8bec840f6c77088935e05d8e822be15f63f55d1de58e0ff9cdcc_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:48184ec85768d791a0b8a96a15794f0e0f7f6f54ade9b40b782ef9c4f0b4eb5b_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:a6d74a6341b8333885d75f5b51fa5998017d10833876c6a09dfec72d8d5e672c_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bedf96d186a5ad327b07ad886ee71351d4c98d47642cb44a29dc15ce8e20ed16_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:690e7fb759c6be1e04f7a0aad07bf9a0eee936a2366fc1ad3ba9dafe7ef8b9cd_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b6efb2a533db272b844688e44d6af15f271a00053c1515496b091e4b6909e850_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c9f875963c8f28eba52965eaf1fbddecdc57e076d117f283f7e3fe91eee5fb5c_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f35eface5a07a2ee689969466e9162c65cd2660176fdc699776cf057cedb5e81_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "RHBZ#2425946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425946"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9",
"url": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p",
"url": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"
}
],
"release_date": "2025-12-29T22:56:45.240000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-09T01:49:44+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:65e1e93c8ea20fe257ac85c371404df1b13c1966e07b0b5d605ae30ef0cec42f_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:bbe544ff9335b6d8b9900d3153e3b935173b0f6c0a0a462a4f3db3143fa62d5b_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c360b6c6f742fb8099e1155dbcca719493084968c00506eda2e251d7706c4dff_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:dc828bf3a86cb0680173e896579f7bd411a0e4f0962ab0ed9903e69c65c13a26_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2256"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1f5bd44374885ad72d52fe069a09b2270f42da2e29fb688357a637b9dd1893aa_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dcbdff150742e549f0bce567bfbd117c0c63c49ea6817f67109833b1e94ef0c3_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f91a72e4c89b3cf646505ab2a3aad8457b159a3c2de5e9908aaca35389f01153_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fd8ad9e8f5e1eee77c9b7410d14f5ee01f38bee09935065a2b7d33c39c844e3b_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:65e1e93c8ea20fe257ac85c371404df1b13c1966e07b0b5d605ae30ef0cec42f_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:bbe544ff9335b6d8b9900d3153e3b935173b0f6c0a0a462a4f3db3143fa62d5b_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c360b6c6f742fb8099e1155dbcca719493084968c00506eda2e251d7706c4dff_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:dc828bf3a86cb0680173e896579f7bd411a0e4f0962ab0ed9903e69c65c13a26_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:34776d2d4c468f6da8137323cf284e72e66919a7f3e2a84c9e699a50d064179f_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3d278f0a951bace167aede4fe297422c5acecf9d3a9a8b9f7afa71a610983d0a_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:868a8557d8781e1c69748b98da394af9612d0880220fff1d693377cf833be711_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ae22809ffeede1eba4bbcdddb0b712dec45c30148c7cb39128a872f072b59972_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3f81ee9fd7755e0bedf48d3c7afd3ccf8f4fb6b338133efd1360e65a5a90c386_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39f4686f26cc8bec840f6c77088935e05d8e822be15f63f55d1de58e0ff9cdcc_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:48184ec85768d791a0b8a96a15794f0e0f7f6f54ade9b40b782ef9c4f0b4eb5b_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:a6d74a6341b8333885d75f5b51fa5998017d10833876c6a09dfec72d8d5e672c_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bedf96d186a5ad327b07ad886ee71351d4c98d47642cb44a29dc15ce8e20ed16_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:690e7fb759c6be1e04f7a0aad07bf9a0eee936a2366fc1ad3ba9dafe7ef8b9cd_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b6efb2a533db272b844688e44d6af15f271a00053c1515496b091e4b6909e850_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c9f875963c8f28eba52965eaf1fbddecdc57e076d117f283f7e3fe91eee5fb5c_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f35eface5a07a2ee689969466e9162c65cd2660176fdc699776cf057cedb5e81_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1f5bd44374885ad72d52fe069a09b2270f42da2e29fb688357a637b9dd1893aa_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dcbdff150742e549f0bce567bfbd117c0c63c49ea6817f67109833b1e94ef0c3_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f91a72e4c89b3cf646505ab2a3aad8457b159a3c2de5e9908aaca35389f01153_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fd8ad9e8f5e1eee77c9b7410d14f5ee01f38bee09935065a2b7d33c39c844e3b_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:65e1e93c8ea20fe257ac85c371404df1b13c1966e07b0b5d605ae30ef0cec42f_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:bbe544ff9335b6d8b9900d3153e3b935173b0f6c0a0a462a4f3db3143fa62d5b_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c360b6c6f742fb8099e1155dbcca719493084968c00506eda2e251d7706c4dff_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:dc828bf3a86cb0680173e896579f7bd411a0e4f0962ab0ed9903e69c65c13a26_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:34776d2d4c468f6da8137323cf284e72e66919a7f3e2a84c9e699a50d064179f_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3d278f0a951bace167aede4fe297422c5acecf9d3a9a8b9f7afa71a610983d0a_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:868a8557d8781e1c69748b98da394af9612d0880220fff1d693377cf833be711_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ae22809ffeede1eba4bbcdddb0b712dec45c30148c7cb39128a872f072b59972_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3f81ee9fd7755e0bedf48d3c7afd3ccf8f4fb6b338133efd1360e65a5a90c386_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39f4686f26cc8bec840f6c77088935e05d8e822be15f63f55d1de58e0ff9cdcc_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:48184ec85768d791a0b8a96a15794f0e0f7f6f54ade9b40b782ef9c4f0b4eb5b_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:a6d74a6341b8333885d75f5b51fa5998017d10833876c6a09dfec72d8d5e672c_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bedf96d186a5ad327b07ad886ee71351d4c98d47642cb44a29dc15ce8e20ed16_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:690e7fb759c6be1e04f7a0aad07bf9a0eee936a2366fc1ad3ba9dafe7ef8b9cd_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b6efb2a533db272b844688e44d6af15f271a00053c1515496b091e4b6909e850_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c9f875963c8f28eba52965eaf1fbddecdc57e076d117f283f7e3fe91eee5fb5c_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f35eface5a07a2ee689969466e9162c65cd2660176fdc699776cf057cedb5e81_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "qs: qs: Denial of Service via improper input validation in array parsing"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-05T17:01:20.277857+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1f5bd44374885ad72d52fe069a09b2270f42da2e29fb688357a637b9dd1893aa_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dcbdff150742e549f0bce567bfbd117c0c63c49ea6817f67109833b1e94ef0c3_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f91a72e4c89b3cf646505ab2a3aad8457b159a3c2de5e9908aaca35389f01153_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fd8ad9e8f5e1eee77c9b7410d14f5ee01f38bee09935065a2b7d33c39c844e3b_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:34776d2d4c468f6da8137323cf284e72e66919a7f3e2a84c9e699a50d064179f_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3d278f0a951bace167aede4fe297422c5acecf9d3a9a8b9f7afa71a610983d0a_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:868a8557d8781e1c69748b98da394af9612d0880220fff1d693377cf833be711_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ae22809ffeede1eba4bbcdddb0b712dec45c30148c7cb39128a872f072b59972_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3f81ee9fd7755e0bedf48d3c7afd3ccf8f4fb6b338133efd1360e65a5a90c386_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39f4686f26cc8bec840f6c77088935e05d8e822be15f63f55d1de58e0ff9cdcc_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:48184ec85768d791a0b8a96a15794f0e0f7f6f54ade9b40b782ef9c4f0b4eb5b_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:a6d74a6341b8333885d75f5b51fa5998017d10833876c6a09dfec72d8d5e672c_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bedf96d186a5ad327b07ad886ee71351d4c98d47642cb44a29dc15ce8e20ed16_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:690e7fb759c6be1e04f7a0aad07bf9a0eee936a2366fc1ad3ba9dafe7ef8b9cd_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b6efb2a533db272b844688e44d6af15f271a00053c1515496b091e4b6909e850_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c9f875963c8f28eba52965eaf1fbddecdc57e076d117f283f7e3fe91eee5fb5c_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f35eface5a07a2ee689969466e9162c65cd2660176fdc699776cf057cedb5e81_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419455"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:65e1e93c8ea20fe257ac85c371404df1b13c1966e07b0b5d605ae30ef0cec42f_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:bbe544ff9335b6d8b9900d3153e3b935173b0f6c0a0a462a4f3db3143fa62d5b_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c360b6c6f742fb8099e1155dbcca719493084968c00506eda2e251d7706c4dff_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:dc828bf3a86cb0680173e896579f7bd411a0e4f0962ab0ed9903e69c65c13a26_ppc64le"
],
"known_not_affected": [
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1f5bd44374885ad72d52fe069a09b2270f42da2e29fb688357a637b9dd1893aa_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dcbdff150742e549f0bce567bfbd117c0c63c49ea6817f67109833b1e94ef0c3_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f91a72e4c89b3cf646505ab2a3aad8457b159a3c2de5e9908aaca35389f01153_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fd8ad9e8f5e1eee77c9b7410d14f5ee01f38bee09935065a2b7d33c39c844e3b_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:34776d2d4c468f6da8137323cf284e72e66919a7f3e2a84c9e699a50d064179f_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3d278f0a951bace167aede4fe297422c5acecf9d3a9a8b9f7afa71a610983d0a_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:868a8557d8781e1c69748b98da394af9612d0880220fff1d693377cf833be711_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ae22809ffeede1eba4bbcdddb0b712dec45c30148c7cb39128a872f072b59972_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3f81ee9fd7755e0bedf48d3c7afd3ccf8f4fb6b338133efd1360e65a5a90c386_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39f4686f26cc8bec840f6c77088935e05d8e822be15f63f55d1de58e0ff9cdcc_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:48184ec85768d791a0b8a96a15794f0e0f7f6f54ade9b40b782ef9c4f0b4eb5b_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:a6d74a6341b8333885d75f5b51fa5998017d10833876c6a09dfec72d8d5e672c_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bedf96d186a5ad327b07ad886ee71351d4c98d47642cb44a29dc15ce8e20ed16_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:690e7fb759c6be1e04f7a0aad07bf9a0eee936a2366fc1ad3ba9dafe7ef8b9cd_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b6efb2a533db272b844688e44d6af15f271a00053c1515496b091e4b6909e850_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c9f875963c8f28eba52965eaf1fbddecdc57e076d117f283f7e3fe91eee5fb5c_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f35eface5a07a2ee689969466e9162c65cd2660176fdc699776cf057cedb5e81_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "RHBZ#2419455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8",
"url": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53"
}
],
"release_date": "2025-12-05T16:02:15.271000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-09T01:49:44+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:65e1e93c8ea20fe257ac85c371404df1b13c1966e07b0b5d605ae30ef0cec42f_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:bbe544ff9335b6d8b9900d3153e3b935173b0f6c0a0a462a4f3db3143fa62d5b_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c360b6c6f742fb8099e1155dbcca719493084968c00506eda2e251d7706c4dff_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:dc828bf3a86cb0680173e896579f7bd411a0e4f0962ab0ed9903e69c65c13a26_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2256"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1f5bd44374885ad72d52fe069a09b2270f42da2e29fb688357a637b9dd1893aa_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dcbdff150742e549f0bce567bfbd117c0c63c49ea6817f67109833b1e94ef0c3_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f91a72e4c89b3cf646505ab2a3aad8457b159a3c2de5e9908aaca35389f01153_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fd8ad9e8f5e1eee77c9b7410d14f5ee01f38bee09935065a2b7d33c39c844e3b_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:65e1e93c8ea20fe257ac85c371404df1b13c1966e07b0b5d605ae30ef0cec42f_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:bbe544ff9335b6d8b9900d3153e3b935173b0f6c0a0a462a4f3db3143fa62d5b_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c360b6c6f742fb8099e1155dbcca719493084968c00506eda2e251d7706c4dff_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:dc828bf3a86cb0680173e896579f7bd411a0e4f0962ab0ed9903e69c65c13a26_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:34776d2d4c468f6da8137323cf284e72e66919a7f3e2a84c9e699a50d064179f_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3d278f0a951bace167aede4fe297422c5acecf9d3a9a8b9f7afa71a610983d0a_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:868a8557d8781e1c69748b98da394af9612d0880220fff1d693377cf833be711_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ae22809ffeede1eba4bbcdddb0b712dec45c30148c7cb39128a872f072b59972_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3f81ee9fd7755e0bedf48d3c7afd3ccf8f4fb6b338133efd1360e65a5a90c386_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39f4686f26cc8bec840f6c77088935e05d8e822be15f63f55d1de58e0ff9cdcc_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:48184ec85768d791a0b8a96a15794f0e0f7f6f54ade9b40b782ef9c4f0b4eb5b_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:a6d74a6341b8333885d75f5b51fa5998017d10833876c6a09dfec72d8d5e672c_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bedf96d186a5ad327b07ad886ee71351d4c98d47642cb44a29dc15ce8e20ed16_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:690e7fb759c6be1e04f7a0aad07bf9a0eee936a2366fc1ad3ba9dafe7ef8b9cd_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b6efb2a533db272b844688e44d6af15f271a00053c1515496b091e4b6909e850_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c9f875963c8f28eba52965eaf1fbddecdc57e076d117f283f7e3fe91eee5fb5c_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f35eface5a07a2ee689969466e9162c65cd2660176fdc699776cf057cedb5e81_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion"
},
{
"cve": "CVE-2025-66471",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2025-12-05T17:02:21.597728+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1f5bd44374885ad72d52fe069a09b2270f42da2e29fb688357a637b9dd1893aa_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dcbdff150742e549f0bce567bfbd117c0c63c49ea6817f67109833b1e94ef0c3_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f91a72e4c89b3cf646505ab2a3aad8457b159a3c2de5e9908aaca35389f01153_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fd8ad9e8f5e1eee77c9b7410d14f5ee01f38bee09935065a2b7d33c39c844e3b_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:34776d2d4c468f6da8137323cf284e72e66919a7f3e2a84c9e699a50d064179f_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3d278f0a951bace167aede4fe297422c5acecf9d3a9a8b9f7afa71a610983d0a_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:868a8557d8781e1c69748b98da394af9612d0880220fff1d693377cf833be711_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ae22809ffeede1eba4bbcdddb0b712dec45c30148c7cb39128a872f072b59972_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3f81ee9fd7755e0bedf48d3c7afd3ccf8f4fb6b338133efd1360e65a5a90c386_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39f4686f26cc8bec840f6c77088935e05d8e822be15f63f55d1de58e0ff9cdcc_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:48184ec85768d791a0b8a96a15794f0e0f7f6f54ade9b40b782ef9c4f0b4eb5b_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:a6d74a6341b8333885d75f5b51fa5998017d10833876c6a09dfec72d8d5e672c_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bedf96d186a5ad327b07ad886ee71351d4c98d47642cb44a29dc15ce8e20ed16_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:690e7fb759c6be1e04f7a0aad07bf9a0eee936a2366fc1ad3ba9dafe7ef8b9cd_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b6efb2a533db272b844688e44d6af15f271a00053c1515496b091e4b6909e850_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c9f875963c8f28eba52965eaf1fbddecdc57e076d117f283f7e3fe91eee5fb5c_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f35eface5a07a2ee689969466e9162c65cd2660176fdc699776cf057cedb5e81_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419467"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 Streaming API improperly handles highly compressed data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:65e1e93c8ea20fe257ac85c371404df1b13c1966e07b0b5d605ae30ef0cec42f_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:bbe544ff9335b6d8b9900d3153e3b935173b0f6c0a0a462a4f3db3143fa62d5b_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c360b6c6f742fb8099e1155dbcca719493084968c00506eda2e251d7706c4dff_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:dc828bf3a86cb0680173e896579f7bd411a0e4f0962ab0ed9903e69c65c13a26_ppc64le"
],
"known_not_affected": [
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1f5bd44374885ad72d52fe069a09b2270f42da2e29fb688357a637b9dd1893aa_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dcbdff150742e549f0bce567bfbd117c0c63c49ea6817f67109833b1e94ef0c3_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f91a72e4c89b3cf646505ab2a3aad8457b159a3c2de5e9908aaca35389f01153_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fd8ad9e8f5e1eee77c9b7410d14f5ee01f38bee09935065a2b7d33c39c844e3b_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:34776d2d4c468f6da8137323cf284e72e66919a7f3e2a84c9e699a50d064179f_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3d278f0a951bace167aede4fe297422c5acecf9d3a9a8b9f7afa71a610983d0a_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:868a8557d8781e1c69748b98da394af9612d0880220fff1d693377cf833be711_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ae22809ffeede1eba4bbcdddb0b712dec45c30148c7cb39128a872f072b59972_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3f81ee9fd7755e0bedf48d3c7afd3ccf8f4fb6b338133efd1360e65a5a90c386_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39f4686f26cc8bec840f6c77088935e05d8e822be15f63f55d1de58e0ff9cdcc_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:48184ec85768d791a0b8a96a15794f0e0f7f6f54ade9b40b782ef9c4f0b4eb5b_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:a6d74a6341b8333885d75f5b51fa5998017d10833876c6a09dfec72d8d5e672c_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bedf96d186a5ad327b07ad886ee71351d4c98d47642cb44a29dc15ce8e20ed16_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:690e7fb759c6be1e04f7a0aad07bf9a0eee936a2366fc1ad3ba9dafe7ef8b9cd_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b6efb2a533db272b844688e44d6af15f271a00053c1515496b091e4b6909e850_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c9f875963c8f28eba52965eaf1fbddecdc57e076d117f283f7e3fe91eee5fb5c_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f35eface5a07a2ee689969466e9162c65cd2660176fdc699776cf057cedb5e81_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "RHBZ#2419467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7",
"url": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37"
}
],
"release_date": "2025-12-05T16:06:08.531000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-09T01:49:44+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:65e1e93c8ea20fe257ac85c371404df1b13c1966e07b0b5d605ae30ef0cec42f_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:bbe544ff9335b6d8b9900d3153e3b935173b0f6c0a0a462a4f3db3143fa62d5b_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c360b6c6f742fb8099e1155dbcca719493084968c00506eda2e251d7706c4dff_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:dc828bf3a86cb0680173e896579f7bd411a0e4f0962ab0ed9903e69c65c13a26_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2256"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1f5bd44374885ad72d52fe069a09b2270f42da2e29fb688357a637b9dd1893aa_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dcbdff150742e549f0bce567bfbd117c0c63c49ea6817f67109833b1e94ef0c3_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f91a72e4c89b3cf646505ab2a3aad8457b159a3c2de5e9908aaca35389f01153_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fd8ad9e8f5e1eee77c9b7410d14f5ee01f38bee09935065a2b7d33c39c844e3b_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:65e1e93c8ea20fe257ac85c371404df1b13c1966e07b0b5d605ae30ef0cec42f_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:bbe544ff9335b6d8b9900d3153e3b935173b0f6c0a0a462a4f3db3143fa62d5b_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c360b6c6f742fb8099e1155dbcca719493084968c00506eda2e251d7706c4dff_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:dc828bf3a86cb0680173e896579f7bd411a0e4f0962ab0ed9903e69c65c13a26_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:34776d2d4c468f6da8137323cf284e72e66919a7f3e2a84c9e699a50d064179f_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3d278f0a951bace167aede4fe297422c5acecf9d3a9a8b9f7afa71a610983d0a_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:868a8557d8781e1c69748b98da394af9612d0880220fff1d693377cf833be711_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ae22809ffeede1eba4bbcdddb0b712dec45c30148c7cb39128a872f072b59972_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3f81ee9fd7755e0bedf48d3c7afd3ccf8f4fb6b338133efd1360e65a5a90c386_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39f4686f26cc8bec840f6c77088935e05d8e822be15f63f55d1de58e0ff9cdcc_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:48184ec85768d791a0b8a96a15794f0e0f7f6f54ade9b40b782ef9c4f0b4eb5b_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:a6d74a6341b8333885d75f5b51fa5998017d10833876c6a09dfec72d8d5e672c_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bedf96d186a5ad327b07ad886ee71351d4c98d47642cb44a29dc15ce8e20ed16_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:690e7fb759c6be1e04f7a0aad07bf9a0eee936a2366fc1ad3ba9dafe7ef8b9cd_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b6efb2a533db272b844688e44d6af15f271a00053c1515496b091e4b6909e850_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c9f875963c8f28eba52965eaf1fbddecdc57e076d117f283f7e3fe91eee5fb5c_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f35eface5a07a2ee689969466e9162c65cd2660176fdc699776cf057cedb5e81_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1f5bd44374885ad72d52fe069a09b2270f42da2e29fb688357a637b9dd1893aa_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dcbdff150742e549f0bce567bfbd117c0c63c49ea6817f67109833b1e94ef0c3_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f91a72e4c89b3cf646505ab2a3aad8457b159a3c2de5e9908aaca35389f01153_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fd8ad9e8f5e1eee77c9b7410d14f5ee01f38bee09935065a2b7d33c39c844e3b_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:65e1e93c8ea20fe257ac85c371404df1b13c1966e07b0b5d605ae30ef0cec42f_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:bbe544ff9335b6d8b9900d3153e3b935173b0f6c0a0a462a4f3db3143fa62d5b_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c360b6c6f742fb8099e1155dbcca719493084968c00506eda2e251d7706c4dff_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:dc828bf3a86cb0680173e896579f7bd411a0e4f0962ab0ed9903e69c65c13a26_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:34776d2d4c468f6da8137323cf284e72e66919a7f3e2a84c9e699a50d064179f_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3d278f0a951bace167aede4fe297422c5acecf9d3a9a8b9f7afa71a610983d0a_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:868a8557d8781e1c69748b98da394af9612d0880220fff1d693377cf833be711_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ae22809ffeede1eba4bbcdddb0b712dec45c30148c7cb39128a872f072b59972_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3f81ee9fd7755e0bedf48d3c7afd3ccf8f4fb6b338133efd1360e65a5a90c386_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39f4686f26cc8bec840f6c77088935e05d8e822be15f63f55d1de58e0ff9cdcc_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:48184ec85768d791a0b8a96a15794f0e0f7f6f54ade9b40b782ef9c4f0b4eb5b_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:a6d74a6341b8333885d75f5b51fa5998017d10833876c6a09dfec72d8d5e672c_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bedf96d186a5ad327b07ad886ee71351d4c98d47642cb44a29dc15ce8e20ed16_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:690e7fb759c6be1e04f7a0aad07bf9a0eee936a2366fc1ad3ba9dafe7ef8b9cd_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b6efb2a533db272b844688e44d6af15f271a00053c1515496b091e4b6909e850_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c9f875963c8f28eba52965eaf1fbddecdc57e076d117f283f7e3fe91eee5fb5c_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f35eface5a07a2ee689969466e9162c65cd2660176fdc699776cf057cedb5e81_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 Streaming API improperly handles highly compressed data"
},
{
"cve": "CVE-2025-68429",
"cwe": {
"id": "CWE-538",
"name": "Insertion of Sensitive Information into Externally-Accessible File or Directory"
},
"discovery_date": "2025-12-17T23:03:29.948214+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1f5bd44374885ad72d52fe069a09b2270f42da2e29fb688357a637b9dd1893aa_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dcbdff150742e549f0bce567bfbd117c0c63c49ea6817f67109833b1e94ef0c3_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f91a72e4c89b3cf646505ab2a3aad8457b159a3c2de5e9908aaca35389f01153_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fd8ad9e8f5e1eee77c9b7410d14f5ee01f38bee09935065a2b7d33c39c844e3b_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:34776d2d4c468f6da8137323cf284e72e66919a7f3e2a84c9e699a50d064179f_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3d278f0a951bace167aede4fe297422c5acecf9d3a9a8b9f7afa71a610983d0a_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:868a8557d8781e1c69748b98da394af9612d0880220fff1d693377cf833be711_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ae22809ffeede1eba4bbcdddb0b712dec45c30148c7cb39128a872f072b59972_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3f81ee9fd7755e0bedf48d3c7afd3ccf8f4fb6b338133efd1360e65a5a90c386_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39f4686f26cc8bec840f6c77088935e05d8e822be15f63f55d1de58e0ff9cdcc_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:48184ec85768d791a0b8a96a15794f0e0f7f6f54ade9b40b782ef9c4f0b4eb5b_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:a6d74a6341b8333885d75f5b51fa5998017d10833876c6a09dfec72d8d5e672c_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bedf96d186a5ad327b07ad886ee71351d4c98d47642cb44a29dc15ce8e20ed16_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:690e7fb759c6be1e04f7a0aad07bf9a0eee936a2366fc1ad3ba9dafe7ef8b9cd_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b6efb2a533db272b844688e44d6af15f271a00053c1515496b091e4b6909e850_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c9f875963c8f28eba52965eaf1fbddecdc57e076d117f283f7e3fe91eee5fb5c_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f35eface5a07a2ee689969466e9162c65cd2660176fdc699776cf057cedb5e81_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2423460"
}
],
"notes": [
{
"category": "description",
"text": "Storybook is a frontend workshop for building user interface components and pages in isolation. A vulnerability present starting in versions 7.0.0 and prior to versions 7.6.21, 8.6.15, 9.1.17, and 10.1.10 relates to Storybook\u2019s handling of environment variables defined in a `.env` file, which could, in specific circumstances, lead to those variables being unexpectedly bundled into the artifacts created by the `storybook build` command. When a built Storybook is published to the web, the bundle\u2019s source is viewable, thus potentially exposing those variables to anyone with access. For a project to potentially be vulnerable to this issue, it must build the Storybook (i.e. run `storybook build` directly or indirectly) in a directory that contains a `.env` file (including variants like `.env.local`) and publish the built Storybook to the web. Storybooks built without a `.env` file at build time are not affected, including common CI-based builds where secrets are provided via platform environment variables rather than `.env` files. Storybook runtime environments (i.e. `storybook dev`) are not affected. Deployed applications that share a repo with your Storybook are not affected. Users should upgrade their Storybook\u2014on both their local machines and CI environment\u2014to version .6.21, 8.6.15, 9.1.17, or 10.1.10 as soon as possible. Maintainers additionally recommend that users audit for any sensitive secrets provided via `.env` files and rotate those keys. Some projects may have been relying on the undocumented behavior at the heart of this issue and will need to change how they reference environment variables after this update. If a project can no longer read necessary environmental variable values, either prefix the variables with `STORYBOOK_` or use the `env` property in Storybook\u2019s configuration to manually specify values. In either case, do not include sensitive secrets as they will be included in the built bundle.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Storybook: Storybook: Information disclosure via unexpected bundling of environment variables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat as it can lead to the unintended exposure of sensitive environment variables. This occurs when a Storybook project is built using the `storybook build` command in a directory containing a `.env` file, and the resulting bundle is subsequently published to a web-accessible location. Storybook instances built without `.env` files or run in development mode (`storybook dev`) are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:65e1e93c8ea20fe257ac85c371404df1b13c1966e07b0b5d605ae30ef0cec42f_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:bbe544ff9335b6d8b9900d3153e3b935173b0f6c0a0a462a4f3db3143fa62d5b_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c360b6c6f742fb8099e1155dbcca719493084968c00506eda2e251d7706c4dff_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:dc828bf3a86cb0680173e896579f7bd411a0e4f0962ab0ed9903e69c65c13a26_ppc64le"
],
"known_not_affected": [
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1f5bd44374885ad72d52fe069a09b2270f42da2e29fb688357a637b9dd1893aa_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dcbdff150742e549f0bce567bfbd117c0c63c49ea6817f67109833b1e94ef0c3_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f91a72e4c89b3cf646505ab2a3aad8457b159a3c2de5e9908aaca35389f01153_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fd8ad9e8f5e1eee77c9b7410d14f5ee01f38bee09935065a2b7d33c39c844e3b_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:34776d2d4c468f6da8137323cf284e72e66919a7f3e2a84c9e699a50d064179f_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3d278f0a951bace167aede4fe297422c5acecf9d3a9a8b9f7afa71a610983d0a_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:868a8557d8781e1c69748b98da394af9612d0880220fff1d693377cf833be711_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ae22809ffeede1eba4bbcdddb0b712dec45c30148c7cb39128a872f072b59972_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3f81ee9fd7755e0bedf48d3c7afd3ccf8f4fb6b338133efd1360e65a5a90c386_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39f4686f26cc8bec840f6c77088935e05d8e822be15f63f55d1de58e0ff9cdcc_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:48184ec85768d791a0b8a96a15794f0e0f7f6f54ade9b40b782ef9c4f0b4eb5b_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:a6d74a6341b8333885d75f5b51fa5998017d10833876c6a09dfec72d8d5e672c_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bedf96d186a5ad327b07ad886ee71351d4c98d47642cb44a29dc15ce8e20ed16_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:690e7fb759c6be1e04f7a0aad07bf9a0eee936a2366fc1ad3ba9dafe7ef8b9cd_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b6efb2a533db272b844688e44d6af15f271a00053c1515496b091e4b6909e850_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c9f875963c8f28eba52965eaf1fbddecdc57e076d117f283f7e3fe91eee5fb5c_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f35eface5a07a2ee689969466e9162c65cd2660176fdc699776cf057cedb5e81_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68429"
},
{
"category": "external",
"summary": "RHBZ#2423460",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423460"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68429",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68429"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68429",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68429"
},
{
"category": "external",
"summary": "https://github.com/storybookjs/storybook/security/advisories/GHSA-8452-54wp-rmv6",
"url": "https://github.com/storybookjs/storybook/security/advisories/GHSA-8452-54wp-rmv6"
},
{
"category": "external",
"summary": "https://storybook.js.org/blog/security-advisory",
"url": "https://storybook.js.org/blog/security-advisory"
}
],
"release_date": "2025-12-17T22:26:55.732000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-09T01:49:44+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:65e1e93c8ea20fe257ac85c371404df1b13c1966e07b0b5d605ae30ef0cec42f_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:bbe544ff9335b6d8b9900d3153e3b935173b0f6c0a0a462a4f3db3143fa62d5b_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c360b6c6f742fb8099e1155dbcca719493084968c00506eda2e251d7706c4dff_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:dc828bf3a86cb0680173e896579f7bd411a0e4f0962ab0ed9903e69c65c13a26_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2256"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1f5bd44374885ad72d52fe069a09b2270f42da2e29fb688357a637b9dd1893aa_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dcbdff150742e549f0bce567bfbd117c0c63c49ea6817f67109833b1e94ef0c3_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f91a72e4c89b3cf646505ab2a3aad8457b159a3c2de5e9908aaca35389f01153_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fd8ad9e8f5e1eee77c9b7410d14f5ee01f38bee09935065a2b7d33c39c844e3b_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:65e1e93c8ea20fe257ac85c371404df1b13c1966e07b0b5d605ae30ef0cec42f_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:bbe544ff9335b6d8b9900d3153e3b935173b0f6c0a0a462a4f3db3143fa62d5b_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c360b6c6f742fb8099e1155dbcca719493084968c00506eda2e251d7706c4dff_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:dc828bf3a86cb0680173e896579f7bd411a0e4f0962ab0ed9903e69c65c13a26_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:34776d2d4c468f6da8137323cf284e72e66919a7f3e2a84c9e699a50d064179f_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3d278f0a951bace167aede4fe297422c5acecf9d3a9a8b9f7afa71a610983d0a_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:868a8557d8781e1c69748b98da394af9612d0880220fff1d693377cf833be711_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ae22809ffeede1eba4bbcdddb0b712dec45c30148c7cb39128a872f072b59972_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3f81ee9fd7755e0bedf48d3c7afd3ccf8f4fb6b338133efd1360e65a5a90c386_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39f4686f26cc8bec840f6c77088935e05d8e822be15f63f55d1de58e0ff9cdcc_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:48184ec85768d791a0b8a96a15794f0e0f7f6f54ade9b40b782ef9c4f0b4eb5b_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:a6d74a6341b8333885d75f5b51fa5998017d10833876c6a09dfec72d8d5e672c_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bedf96d186a5ad327b07ad886ee71351d4c98d47642cb44a29dc15ce8e20ed16_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:690e7fb759c6be1e04f7a0aad07bf9a0eee936a2366fc1ad3ba9dafe7ef8b9cd_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b6efb2a533db272b844688e44d6af15f271a00053c1515496b091e4b6909e850_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c9f875963c8f28eba52965eaf1fbddecdc57e076d117f283f7e3fe91eee5fb5c_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f35eface5a07a2ee689969466e9162c65cd2660176fdc699776cf057cedb5e81_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Storybook: Storybook: Information disclosure via unexpected bundling of environment variables"
},
{
"cve": "CVE-2026-21441",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-01-07T23:01:59.422078+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1f5bd44374885ad72d52fe069a09b2270f42da2e29fb688357a637b9dd1893aa_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dcbdff150742e549f0bce567bfbd117c0c63c49ea6817f67109833b1e94ef0c3_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f91a72e4c89b3cf646505ab2a3aad8457b159a3c2de5e9908aaca35389f01153_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fd8ad9e8f5e1eee77c9b7410d14f5ee01f38bee09935065a2b7d33c39c844e3b_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:34776d2d4c468f6da8137323cf284e72e66919a7f3e2a84c9e699a50d064179f_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3d278f0a951bace167aede4fe297422c5acecf9d3a9a8b9f7afa71a610983d0a_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:868a8557d8781e1c69748b98da394af9612d0880220fff1d693377cf833be711_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ae22809ffeede1eba4bbcdddb0b712dec45c30148c7cb39128a872f072b59972_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3f81ee9fd7755e0bedf48d3c7afd3ccf8f4fb6b338133efd1360e65a5a90c386_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39f4686f26cc8bec840f6c77088935e05d8e822be15f63f55d1de58e0ff9cdcc_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:48184ec85768d791a0b8a96a15794f0e0f7f6f54ade9b40b782ef9c4f0b4eb5b_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:a6d74a6341b8333885d75f5b51fa5998017d10833876c6a09dfec72d8d5e672c_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bedf96d186a5ad327b07ad886ee71351d4c98d47642cb44a29dc15ce8e20ed16_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:690e7fb759c6be1e04f7a0aad07bf9a0eee936a2366fc1ad3ba9dafe7ef8b9cd_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b6efb2a533db272b844688e44d6af15f271a00053c1515496b091e4b6909e850_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c9f875963c8f28eba52965eaf1fbddecdc57e076d117f283f7e3fe91eee5fb5c_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f35eface5a07a2ee689969466e9162c65cd2660176fdc699776cf057cedb5e81_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427726"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is an HTTP client library for Python. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:65e1e93c8ea20fe257ac85c371404df1b13c1966e07b0b5d605ae30ef0cec42f_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:bbe544ff9335b6d8b9900d3153e3b935173b0f6c0a0a462a4f3db3143fa62d5b_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c360b6c6f742fb8099e1155dbcca719493084968c00506eda2e251d7706c4dff_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:dc828bf3a86cb0680173e896579f7bd411a0e4f0962ab0ed9903e69c65c13a26_ppc64le"
],
"known_not_affected": [
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1f5bd44374885ad72d52fe069a09b2270f42da2e29fb688357a637b9dd1893aa_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dcbdff150742e549f0bce567bfbd117c0c63c49ea6817f67109833b1e94ef0c3_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f91a72e4c89b3cf646505ab2a3aad8457b159a3c2de5e9908aaca35389f01153_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fd8ad9e8f5e1eee77c9b7410d14f5ee01f38bee09935065a2b7d33c39c844e3b_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:34776d2d4c468f6da8137323cf284e72e66919a7f3e2a84c9e699a50d064179f_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3d278f0a951bace167aede4fe297422c5acecf9d3a9a8b9f7afa71a610983d0a_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:868a8557d8781e1c69748b98da394af9612d0880220fff1d693377cf833be711_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ae22809ffeede1eba4bbcdddb0b712dec45c30148c7cb39128a872f072b59972_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3f81ee9fd7755e0bedf48d3c7afd3ccf8f4fb6b338133efd1360e65a5a90c386_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39f4686f26cc8bec840f6c77088935e05d8e822be15f63f55d1de58e0ff9cdcc_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:48184ec85768d791a0b8a96a15794f0e0f7f6f54ade9b40b782ef9c4f0b4eb5b_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:a6d74a6341b8333885d75f5b51fa5998017d10833876c6a09dfec72d8d5e672c_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bedf96d186a5ad327b07ad886ee71351d4c98d47642cb44a29dc15ce8e20ed16_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:690e7fb759c6be1e04f7a0aad07bf9a0eee936a2366fc1ad3ba9dafe7ef8b9cd_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b6efb2a533db272b844688e44d6af15f271a00053c1515496b091e4b6909e850_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c9f875963c8f28eba52965eaf1fbddecdc57e076d117f283f7e3fe91eee5fb5c_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f35eface5a07a2ee689969466e9162c65cd2660176fdc699776cf057cedb5e81_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "RHBZ#2427726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427726"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b",
"url": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99"
}
],
"release_date": "2026-01-07T22:09:01.936000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-09T01:49:44+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:65e1e93c8ea20fe257ac85c371404df1b13c1966e07b0b5d605ae30ef0cec42f_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:bbe544ff9335b6d8b9900d3153e3b935173b0f6c0a0a462a4f3db3143fa62d5b_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c360b6c6f742fb8099e1155dbcca719493084968c00506eda2e251d7706c4dff_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:dc828bf3a86cb0680173e896579f7bd411a0e4f0962ab0ed9903e69c65c13a26_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2256"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1f5bd44374885ad72d52fe069a09b2270f42da2e29fb688357a637b9dd1893aa_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dcbdff150742e549f0bce567bfbd117c0c63c49ea6817f67109833b1e94ef0c3_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f91a72e4c89b3cf646505ab2a3aad8457b159a3c2de5e9908aaca35389f01153_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fd8ad9e8f5e1eee77c9b7410d14f5ee01f38bee09935065a2b7d33c39c844e3b_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:65e1e93c8ea20fe257ac85c371404df1b13c1966e07b0b5d605ae30ef0cec42f_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:bbe544ff9335b6d8b9900d3153e3b935173b0f6c0a0a462a4f3db3143fa62d5b_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c360b6c6f742fb8099e1155dbcca719493084968c00506eda2e251d7706c4dff_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:dc828bf3a86cb0680173e896579f7bd411a0e4f0962ab0ed9903e69c65c13a26_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:34776d2d4c468f6da8137323cf284e72e66919a7f3e2a84c9e699a50d064179f_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3d278f0a951bace167aede4fe297422c5acecf9d3a9a8b9f7afa71a610983d0a_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:868a8557d8781e1c69748b98da394af9612d0880220fff1d693377cf833be711_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ae22809ffeede1eba4bbcdddb0b712dec45c30148c7cb39128a872f072b59972_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3f81ee9fd7755e0bedf48d3c7afd3ccf8f4fb6b338133efd1360e65a5a90c386_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39f4686f26cc8bec840f6c77088935e05d8e822be15f63f55d1de58e0ff9cdcc_s390x",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:48184ec85768d791a0b8a96a15794f0e0f7f6f54ade9b40b782ef9c4f0b4eb5b_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:a6d74a6341b8333885d75f5b51fa5998017d10833876c6a09dfec72d8d5e672c_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bedf96d186a5ad327b07ad886ee71351d4c98d47642cb44a29dc15ce8e20ed16_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:690e7fb759c6be1e04f7a0aad07bf9a0eee936a2366fc1ad3ba9dafe7ef8b9cd_amd64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b6efb2a533db272b844688e44d6af15f271a00053c1515496b091e4b6909e850_arm64",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c9f875963c8f28eba52965eaf1fbddecdc57e076d117f283f7e3fe91eee5fb5c_ppc64le",
"Red Hat multicluster global hub 1.5.3:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f35eface5a07a2ee689969466e9162c65cd2660176fdc699776cf057cedb5e81_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.