Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…
EPSS 0.3%top 77%

Red Hat Security Advisory: RHTAS 1.0.1 - GA Release Of the Policy Controller Operator

0
High
Published: 07/09/2026 (07/09/2026, 13:43:04 UTC)
Source: GCVE Database
Vendor/Project: Red Hat Product Security
Product: Red Hat

Description

The RHTAS Policy Controller Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.19, 4.20, 4.21, 4.22

CVSS v3.1

Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Affected software

Affected versions
Red HatRed Hat Trusted Artifact SignerRed Hat Trusted Artifact Signer 1.4amd64registry.redhat.io/rhtas/policy-controller-operator-bundle@sha256:d77bdf55a68e9bfce079a693f154b0c122b80ed652ad480233c51673f30baaec_amd64

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/10/2026, 09:34:16 UTC

Technical Analysis

This advisory covers vulnerabilities in the Red Hat Trusted Artifact Signer (RHTAS) Policy Controller Operator, a Helm-based operator for deploying and managing Sigstore Policy Controller instances on OpenShift Container Platform versions 4.16 to 4.22. The advisory references four CVEs (CVE-2026-39828, CVE-2026-39829, CVE-2026-39830, CVE-2026-39835) and associates several CWEs (CWE-281, CWE-1284, CWE-772, CWE-476) indicating issues related to improper access control, permissions, resource management, and null pointer dereferences. The advisory does not provide a patch or remediation and does not indicate any known active exploitation. The operator is intended for on-premise deployment to enforce supply-chain metadata policies on OpenShift clusters. The vendor advisory and references do not specify fixed versions or mitigation steps beyond usage documentation.

Potential Impact

The vulnerabilities potentially affect the security posture of OpenShift clusters using the RHTAS Policy Controller Operator by introducing risks related to access control, permissions, resource management, and null pointer dereferences. These issues could lead to unauthorized actions or system instability within the operator's scope. However, no known exploits are reported in the wild, and the exact impact details are not provided in the advisory.

Mitigation Recommendations

No official fix or patch is currently available for these vulnerabilities according to the vendor advisory. Users should monitor Red Hat's official security advisories for updates and apply patches once released. In the meantime, follow best practices for limiting access to the operator and carefully review deployment configurations. Refer to the official product documentation for guidance on secure usage: https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Gcve Source
db.gcve.eu
Csaf Category
csaf_security_advisory
Csaf Version
2.0
Publisher
Red Hat Product Security
Advisory Id
RHSA-2026:37296
Cve Count
4
Additional Cves
["CVE-2026-39829","CVE-2026-39830","CVE-2026-39835"]
Cvss Version
null

Threat ID: 6a50ba4168715ace4357de7f

Added to database: 07/10/2026, 09:24:17 UTC

Last enriched: 07/10/2026, 09:34:16 UTC

Last updated: 07/11/2026, 02:47:18 UTC

Views: 2

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses