This security advisory concerns the Red Hat Trusted Artifact Signer (RHTAS) Operator version 1.2.2, which supports OpenShift Container Platform versions 4.15 to 4.19. The vulnerabilities identified include CVE-2025-66418, CVE-2025-66471, and CVE-2026-21441, associated with resource management and synchronization issues (CWE-770 and CWE-409). The advisory references these CVEs but does not provide CVSS scores or detailed technical exploit information. No patches or fixes are currently listed in the advisory. The RHTAS Operator is a self-managed tool for cryptographic signing and verification of container images, binaries, and source code changes, aimed at ensuring software supply chain integrity. The vendor has not indicated any known active exploitation or immediate mitigation measures.

The vulnerabilities affect the integrity and reliability of the Red Hat Trusted Artifact Signer Operator, potentially leading to resource exhaustion or synchronization problems that could disrupt the signing and verification processes. This may impact the assurance of software artifact integrity within affected OpenShift environments. However, there are no reported exploits in the wild, and the advisory does not detail specific impacts beyond the vulnerability classifications.

The vendor advisory does not mention any available patches or fixes for these vulnerabilities at this time. No specific mitigation steps are provided. Users of the Red Hat Trusted Artifact Signer Operator should monitor the official Red Hat security advisories and product documentation for updates or patches. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance.