Threats Tagged 'cve-2026-31812'

rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management. Security Fix(es): * net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679) * google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation (CVE-2026-33186) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language. For details about this release, refer to the release notes listed in the References section.

The RHTAS Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.19, 4.20 and 4.21

The RHTAS Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.19, 4.20 and 4.21

Release of RHOAI 3.3.3 provides these changes:

Red Hat OpenShift Service Mesh 3.0.10, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application. Fixes/Improvements: Security Fix(es): * istio-rhel9-operator: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679) * istio-cni-rhel9: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679) * istio-pilot-rhel9: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679) * istio-proxyv2-rhel9: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679) * istio-proxyv2-rhel9: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation (CVE-2026-33186) * istio-proxyv2-rhel9: BuildKit: Arbitrary file write and code execution via untrusted frontend (CVE-2026-33747) * istio-proxyv2-rhel9: BuildKit: Unauthorized file access via Git URL fragment subdir components (CVE-2026-33748)

Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malformed quic_transport_parameters. In quinn-proto parsing logic, attacker-controlled varints are decoded with unwrap(), so truncated encodings cause Err(UnexpectedEnd) and panic. This is reachable over the network with a single packet and no prior trust or authentication. This vulnerability is fixed in 0.11.14.

HighVulnerabilityUnited StatesGermanyUnited Kingdom+7#cve#cve-2026-31812#cwe-248