Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…
EPSS 0.7%top 51%

Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.20.15 security, enhancement & bug fix update

0
High
Published: 07/16/2026 (07/16/2026, 11:26:54 UTC)
Source: GCVE Database
Vendor/Project: Red Hat Product Security
Product: Red Hat

Description

Red Hat OpenShift Data Foundation 4.20.15 security, enhancement & bug fix update FIXED BUGS: ========== DFBUGS-7340: RHODF 4.20.15 release DFBUGS-7331: [Backport for 4.20] - [GSS][ODF][MCG] noobaa-db-pg-cluster won't synchronize anymore - "could not receive data from WAL stream: ERROR: requested WAL segment 00000008000001C600000068 has already been removed" DFBUGS-6939: [4.20.z] Integrate ibm-storage-odf-operator 1.9.0 DFBUGS-6666: [Backport to odf-4.20.z] Remove duplicate PersistentVolumeUsageCritical alerts DFBUGS-6528: [Backport to 4.20.z] maintenance mode is always set for storageclients in non RDR clusters DFBUGS-6522: CLONE 4.20 - [UI] Resource profile calculations doesn't include NFS DFBUGS-5418: [Backport to odf-4.20.z]Local Storage Operator not installed install link broken in OCP 4.20 DFBUGS-4843: [Backport to odf-4.20.z] [RDR] Failover for an RBD appset workload remains stuck, workload pods don't restore

Affected software

Affected versions
Red HatRed Hat Openshift Data FoundationRed Hat Openshift Data Foundation 4.20amd64registry.redhat.io/odf4/cephcsi-rhel9@sha256:ffd512657b2587866bdd42012599027977206f8a1a11ea1119c1349e646d2ddf_amd64

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/11/2026, 13:08:22 UTC

Technical Analysis

Red Hat Quay 3.16.1 is a security update that fixes several vulnerabilities including CVE-2025-12816 and others, as well as bugs affecting the user interface and service components. The advisory RHSA-2026:0518 details these fixes and recommends applying this update after ensuring all prior errata are installed. The vulnerabilities involve weaknesses categorized under CWE-179, CWE-770, and CWE-674. No explicit CVSS scores are provided, but the severity is classified as high by Red Hat Product Security.

Potential Impact

The vulnerabilities fixed in Red Hat Quay 3.16.1 are rated high severity, indicating potential significant impact if exploited. Specific impacts are not detailed in the advisory, but the presence of multiple CVEs and CWEs suggests risks related to improper handling of data or resource management. No known exploits in the wild have been reported at this time.

Mitigation Recommendations

Red Hat has released Quay 3.16.1 as an official fix addressing the identified vulnerabilities and bugs. Users should apply this update promptly after confirming that all previously released relevant errata have been applied. Detailed update instructions are available from Red Hat's official documentation. No additional mitigation steps are indicated beyond applying the update.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Gcve Source
db.gcve.eu
Csaf Category
csaf_security_advisory
Csaf Version
2.0
Publisher
Red Hat Product Security
Advisory Id
RHSA-2026:4185
Cve Count
10
Additional Cves
["CVE-2025-15284","CVE-2025-52881","CVE-2025-61729","CVE-2025-65945","CVE-2025-66418","CVE-2025-66471","CVE-2025-66506","CVE-2026-21441","CVE-2026-24049"]
Cvss Version
null

Threat ID: 6a160968e29bf47b5062e199

Added to database: 05/26/2026, 20:58:16 UTC

Last enriched: 07/11/2026, 13:08:22 UTC

Last updated: 07/18/2026, 13:36:41 UTC

Views: 82

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses