Submariner v0.22 is a Kubernetes operator facilitating direct networking between pods and services across Kubernetes clusters by implementing KEP-1645 (Multi-Cluster Services API). Red Hat's security advisory RHSA-2026:8151 addresses multiple vulnerabilities (11 CVEs including CVE-2025-61726 and others) affecting Red Hat Advanced Cluster Management for Kubernetes v2.15 and related container images. The advisory includes fixes for issues such as IPv6 VxLAN tunnel support, cluster connection stability, AWS LoadBalancer service creation, and nftables migration. The update provides security fixes and container image updates to mitigate these vulnerabilities. No CVSS scores are provided, and no known exploits in the wild have been reported.

The vulnerabilities addressed in this advisory affect the security and stability of cross-cluster networking in Kubernetes environments managed by Red Hat Advanced Cluster Management for Kubernetes. Potential impacts include disruption of cluster connectivity, improper handling of network rules, and compatibility issues that could affect service availability and security posture. The advisory rates the overall impact as important (high severity), indicating significant security concerns that warrant prompt attention. No active exploitation has been reported.

Red Hat has released updated Submariner v0.22 images and container updates that include security fixes and enhancements. Users of Red Hat Advanced Cluster Management for Kubernetes v2.15 and affected components should apply these updates as provided by Red Hat. The vendor advisory RHSA-2026:8151 is the authoritative source for patch availability and remediation instructions. Since this is a product update rather than a cloud service, remediation requires user action to deploy the updated images. There are no indications that no action is required or that the issue is already mitigated without updates.