Threats Tagged 'cve-2026-40895'

Red Hat Security Advisory: Kiali 1.73.30 for Red Hat OpenShift Service Mesh 2.6
CVE-2026-32280

Red Hat OpenShift Service Mesh 2.6 includes Kiali 1.73.30, which addresses multiple security vulnerabilities affecting its observability component. These include denial of service, information disclosure, cross-site scripting (XSS), HTTP transport hijacking, arbitrary HTTP header injection, authentication bypass, and NO_PROXY bypass issues stemming from underlying libraries such as Go, follow-redirects, DOMPurify, and Axios. The update is rated with a high security impact by Red Hat Product Security. No known exploits in the wild have been reported. The advisory provides updated RPM packages to remediate these issues.

Red Hat Security Advisory: Kiali 2.11.10 for Red Hat OpenShift Service Mesh 3.1
CVE-2026-32280

Red Hat OpenShift Service Mesh 3.1's Kiali component version 2.11.10 addresses multiple security vulnerabilities including denial of service, information disclosure, HTTP transport hijacking, arbitrary HTTP header injection, authentication bypass, and JSON response tampering. These issues stem from flaws in dependencies such as Go certificate chain building, follow-redirects, and Axios HTTP client, particularly involving prototype pollution and crafted URLs. The update is rated with a high security impact by Red Hat Product Security. No known exploits in the wild have been reported. The advisory provides updated RPM packages for remediation.

Red Hat Security Advisory: Kiali 2.4.16 for Red Hat OpenShift Service Mesh 3.0
CVE-2026-32280

Kiali 2.4.16 for Red Hat OpenShift Service Mesh 3.0 addresses multiple security vulnerabilities affecting observability and management of service mesh topology and metrics. The update fixes eight distinct vulnerabilities including denial of service, information disclosure, HTTP transport hijacking, arbitrary HTTP header injection, authentication bypass, and JSON response tampering, primarily related to Go certificate chain building and prototype pollution issues in the Axios HTTP client. Red Hat has rated the overall security impact of these issues as critical. No explicit CVSS scores are provided in the advisory. The vulnerabilities affect Red Hat OpenShift Service Mesh 3.0 deployments using Kiali 2.4.

Red Hat Security Advisory: Kiali 2.17.7 for Red Hat OpenShift Service Mesh 3.2
CVE-2026-32280

Red Hat OpenShift Service Mesh 3.2's Kiali component version 2.17.7 addresses multiple security vulnerabilities including denial of service, information disclosure, HTTP transport hijacking, arbitrary HTTP header injection, authentication bypass, and JSON response tampering. These issues stem from flaws in dependencies such as Go certificate chain building, follow-redirects, and Axios HTTP client, notably involving prototype pollution and crafted URL attacks. Red Hat has released an updated Kiali version 2.17.7 to remediate these vulnerabilities. The advisory rates the security impact as critical, though no CVSS scores are provided. There are no known exploits in the wild at this time.

Red Hat Security Advisory: Red Hat Developer Hub 1.9.4 release.
CVE-2025-62718

Red Hat Developer Hub (RHDH) version 1.9.4 addresses multiple critical security vulnerabilities affecting its enterprise-grade developer portal platform. RHDH is a self-managed, customizable portal based on Backstage.io, supporting major Kubernetes clusters. The advisory references 25 CVEs including CVE-2025-62718 and others, indicating a broad set of security issues. The vendor has released RHDH 1.9.4 to fix these vulnerabilities. No known exploits are reported in the wild at this time.

Red Hat Security Advisory: Network Observability 1.11.2 for OpenShift
CVE-2025-62718

Multiple security vulnerabilities have been identified in Red Hat's Network Observability 1.11.2 for OpenShift, a network flows collector and monitoring solution. The advisory references 13 CVEs including CVE-2025-62718 and others, with a high severity rating. No known exploits are reported in the wild. The vendor advisory does not explicitly state that a fix is available and does not list any patches. The advisory provides guidance on applying updates but does not confirm remediation status. The product is not a cloud service, so remediation depends on user action. The vulnerabilities involve a range of CWEs indicating issues such as improper input validation and potential code execution risks. No specific affected countries are identified.

Red Hat Security Advisory: RHACS 4.9.7 security and bug fix update
CVE-2025-62718

Red Hat Advanced Cluster Security for Kubernetes (RHACS) version 4.9.7 includes multiple security and bug fixes addressing a set of vulnerabilities identified by CVE-2025-62718 and nine additional CVEs. The advisory highlights an important security update that resolves inconsistencies in CVE severity and fixes several security issues across components. Users of earlier RHACS versions are advised to upgrade to 4.9.7 to benefit from these patches. No known exploits in the wild have been reported for these vulnerabilities at this time.

Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage
CVE-2025-62718

Red Hat Discovery is a tool used to inspect and report environment data such as system counts, operating systems, and configuration details within a network. The advisory references multiple CVEs including CVE-2025-62718 affecting Red Hat Discovery and related products. The vendor advisory does not indicate any available fixes or patches for these vulnerabilities as of the publication date. No known exploits are reported in the wild. The severity is assessed as high based on the advisory metadata, but detailed impact specifics are not provided. The advisory suggests installing containers via discovery-installer RPM but does not explicitly state this as a remediation for the vulnerabilities. No geographic targeting is indicated. Patch status is not confirmed; users should consult the official Red Hat advisory for updates.

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.5 update
CVE-2026-1002

Red Hat has released updated Cryostat 4 on RHEL 9 container images that address multiple security vulnerabilities affecting various components and libraries. These fixes include patches for denial of service, authorization bypass, information disclosure, request smuggling, memory safety, and arbitrary code execution issues. Users of Cryostat 4 on RHEL 9 container images are advised to upgrade to the updated images and rebuild dependent container images to ensure these vulnerabilities are mitigated.

Red Hat Security Advisory: RHOAI 2.25.5 - Red Hat OpenShift AI
CVE-2025-6242

Red Hat OpenShift AI version 3.3.3 addresses multiple critical security vulnerabilities identified by CVE-2025-6242 and 45 additional CVEs. The advisory announces updated container images for Red Hat OpenShift AI to mitigate these issues. No specific technical details or fixes for individual CVEs are provided in the advisory content. There are no known exploits in the wild at the time of publication. The vendor has released updated images and documentation to guide users on upgrading their clusters to apply the errata update. Patch status is not explicitly confirmed in the advisory, and no direct patch links are provided. Users should consult the official Red Hat documentation for upgrade instructions and remediation details. The vulnerabilities collectively are rated critical in severity.


Showing 1 to 10 of 11 results
