Threats Tagged 'cve-2026-42035'
View all threats tagged with 'cve-2026-42035'. Filter and sort to focus on specific types of threats.
Red Hat Security Advisory: Kiali 1.73.30 for Red Hat OpenShift Service Mesh 2.6
CVE-2026-32280
Red Hat OpenShift Service Mesh 2.6 includes Kiali 1.73.30, which addresses multiple security vulnerabilities affecting its observability component. These include denial of service, information disclosure, cross-site scripting (XSS), HTTP transport hijacking, arbitrary HTTP header injection, authentication bypass, and NO_PROXY bypass issues stemming from underlying libraries such as Go, follow-redirects, DOMPurify, and Axios. The update is rated with a high security impact by Red Hat Product Security. No known exploits in the wild have been reported. The advisory provides updated RPM packages to remediate these issues.
GCVE Database | 05/12/2026, 18:56:35 UTC | Added: 05/26/2026, 20:58:28 UTC

Red Hat Security Advisory: Kiali 2.11.10 for Red Hat OpenShift Service Mesh 3.1
CVE-2026-32280
Red Hat OpenShift Service Mesh 3.1's Kiali component version 2.11.10 addresses multiple security vulnerabilities including denial of service, information disclosure, HTTP transport hijacking, arbitrary HTTP header injection, authentication bypass, and JSON response tampering. These issues stem from flaws in dependencies such as Go certificate chain building, follow-redirects, and Axios HTTP client, particularly involving prototype pollution and crafted URLs. The update is rated with a high security impact by Red Hat Product Security. No known exploits in the wild have been reported. The advisory provides updated RPM packages for remediation.
GCVE Database | 05/12/2026, 20:58:45 UTC | Added: 05/26/2026, 20:58:28 UTC

Red Hat Security Advisory: Kiali 2.4.16 for Red Hat OpenShift Service Mesh 3.0
CVE-2026-32280
Kiali 2.4.16 for Red Hat OpenShift Service Mesh 3.0 addresses multiple security vulnerabilities affecting observability and management of service mesh topology and metrics. The update fixes eight distinct vulnerabilities including denial of service, information disclosure, HTTP transport hijacking, arbitrary HTTP header injection, authentication bypass, and JSON response tampering, primarily related to Go certificate chain building and prototype pollution issues in the Axios HTTP client. Red Hat has rated the overall security impact of these issues as critical. No explicit CVSS scores are provided in the advisory. The vulnerabilities affect Red Hat OpenShift Service Mesh 3.0 deployments using Kiali 2.4.
GCVE Database | 05/12/2026, 21:06:42 UTC | Added: 05/26/2026, 20:58:28 UTC

Red Hat Security Advisory: Kiali 2.17.7 for Red Hat OpenShift Service Mesh 3.2
CVE-2026-32280
Red Hat OpenShift Service Mesh 3.2's Kiali component version 2.17.7 addresses multiple security vulnerabilities including denial of service, information disclosure, HTTP transport hijacking, arbitrary HTTP header injection, authentication bypass, and JSON response tampering. These issues stem from flaws in dependencies such as Go certificate chain building, follow-redirects, and Axios HTTP client, notably involving prototype pollution and crafted URL attacks. Red Hat has released an updated Kiali version 2.17.7 to remediate these vulnerabilities. The advisory rates the security impact as critical, though no CVSS scores are provided. There are no known exploits in the wild at this time.
GCVE Database | 05/12/2026, 21:06:57 UTC | Added: 05/26/2026, 20:58:28 UTC

Red Hat Security Advisory: Network Observability 1.11.2 for OpenShift
CVE-2025-62718
Multiple security vulnerabilities have been identified in Red Hat's Network Observability 1.11.2 for OpenShift, a network flows collector and monitoring solution. The advisory references 13 CVEs including CVE-2025-62718 and others, with a high severity rating. No known exploits are reported in the wild. The vendor advisory does not explicitly state that a fix is available and does not list any patches. The advisory provides guidance on applying updates but does not confirm remediation status. The product is not a cloud service, so remediation depends on user action. The vulnerabilities involve a range of CWEs indicating issues such as improper input validation and potential code execution risks. No specific affected countries are identified.
GCVE Database | 05/13/2026, 07:11:01 UTC | Added: 05/26/2026, 20:58:28 UTC

Red Hat Security Advisory: RHACS 4.9.7 security and bug fix update
CVE-2025-62718
Red Hat Advanced Cluster Security for Kubernetes (RHACS) version 4.9.7 includes multiple security and bug fixes addressing a set of vulnerabilities identified by CVE-2025-62718 and nine additional CVEs. The advisory highlights an important security update that resolves inconsistencies in CVE severity and fixes several security issues across components. Users of earlier RHACS versions are advised to upgrade to 4.9.7 to benefit from these patches. No known exploits in the wild have been reported for these vulnerabilities at this time.
GCVE Database | 05/26/2026, 14:29:00 UTC | Added: 05/26/2026, 20:58:27 UTC

Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage
CVE-2025-62718
Red Hat Discovery is a tool used to inspect and report environment data such as system counts, operating systems, and configuration details within a network. The advisory references multiple CVEs including CVE-2025-62718 affecting Red Hat Discovery and related products. The vendor advisory does not indicate any available fixes or patches for these vulnerabilities as of the publication date. No known exploits are reported in the wild. The severity is assessed as high based on the advisory metadata, but detailed impact specifics are not provided. The advisory suggests installing containers via discovery-installer RPM but does not explicitly state this as a remediation for the vulnerabilities. No geographic targeting is indicated. Patch status is not confirmed; users should consult the official Red Hat advisory for updates.
GCVE Database | 05/07/2026, 21:30:41 UTC | Added: 05/26/2026, 20:58:09 UTC

Red Hat Security Advisory: OpenShift Container Platform 4.20.23 bug fix and security update
CVE-2025-61726
Red Hat OpenShift Container Platform 4.20.23 includes a security update addressing multiple vulnerabilities affecting the platform's container images and packages. The update fixes several bugs and adds enhancements to improve security and stability. The advisory covers a range of CVEs including CVE-2025-61726 and others, with a security impact rated as Important by Red Hat Product Security. Users of OpenShift Container Platform 4.20 are advised to upgrade to the updated packages and images available through official release channels. Detailed upgrade instructions and release notes are provided by Red Hat. No known exploits in the wild have been reported for these vulnerabilities at this time.
GCVE Database | 05/20/2026, 09:08:54 UTC | Added: 05/26/2026, 20:57:57 UTC

Red Hat Security Advisory: OpenShift Container Platform 4.21.16 bug fix and security update
CVE-2026-22029
Red Hat OpenShift Container Platform 4.21.16 includes a security update addressing multiple vulnerabilities affecting the container images and packages. The update fixes several bugs and security issues rated as important by Red Hat Product Security. Users of OpenShift Container Platform 4.21 are advised to upgrade to this release to apply the fixes. The advisory references multiple CVEs, including CVE-2026-22029 and others, but does not provide detailed technical descriptions or CVSS scores for these vulnerabilities. The update is available via updated container images and RPM packages, with instructions provided by Red Hat for upgrading clusters.
GCVE Database | 05/19/2026, 12:52:06 UTC | Added: 05/26/2026, 20:57:57 UTC

Red Hat Security Advisory: multicluster engine for Kubernetes v2.6.11 security update
CVE-2025-62718
Red Hat OpenShift Service Mesh 3.1's Kiali component version 2.11.9 addresses multiple critical security vulnerabilities affecting various third-party libraries and components. These include server-side request forgery and proxy bypass, denial of service, prototype pollution leading to remote code execution, authorization bypass, and arbitrary code execution. The advisory covers eight CVEs impacting dependencies such as Axios, lodash, gRPC-Go, Immutable.js, SVGO, Go JOSE, and net/url parsing. Red Hat has released this updated Kiali version to remediate these issues. No known exploits in the wild have been reported at this time.
GCVE Database | 05/14/2026, 16:26:39 UTC | Added: 05/26/2026, 20:57:54 UTC