
Threats Tagged 'cve-2026-42044'

View all threats tagged with 'cve-2026-42044'. Filter and sort to focus on specific types of threats.


Red Hat Security Advisory: Kiali 2.11.10 for Red Hat OpenShift Service Mesh 3.1
CVE-2026-32280

Red Hat OpenShift Service Mesh 3.1's Kiali component version 2.11.10 addresses multiple security vulnerabilities including denial of service, information disclosure, HTTP transport hijacking, arbitrary HTTP header injection, authentication bypass, and JSON response tampering. These issues stem from flaws in dependencies such as Go certificate chain building, follow-redirects, and Axios HTTP client, particularly involving prototype pollution and crafted URLs. The update is rated with a high security impact by Red Hat Product Security. No known exploits in the wild have been reported. The advisory provides updated RPM packages for remediation.

Red Hat Security Advisory: Kiali 2.4.16 for Red Hat OpenShift Service Mesh 3.0
CVE-2026-32280

Kiali 2.4.16 for Red Hat OpenShift Service Mesh 3.0 addresses multiple security vulnerabilities affecting observability and management of service mesh topology and metrics. The update fixes eight distinct vulnerabilities including denial of service, information disclosure, HTTP transport hijacking, arbitrary HTTP header injection, authentication bypass, and JSON response tampering, primarily related to Go certificate chain building and prototype pollution issues in the Axios HTTP client. Red Hat has rated the overall security impact of these issues as critical. No explicit CVSS scores are provided in the advisory. The vulnerabilities affect Red Hat OpenShift Service Mesh 3.0 deployments using Kiali 2.4.

Red Hat Security Advisory: Kiali 2.17.7 for Red Hat OpenShift Service Mesh 3.2
CVE-2026-32280

Red Hat OpenShift Service Mesh 3.2's Kiali component version 2.17.7 addresses multiple security vulnerabilities including denial of service, information disclosure, HTTP transport hijacking, arbitrary HTTP header injection, authentication bypass, and JSON response tampering. These issues stem from flaws in dependencies such as Go certificate chain building, follow-redirects, and Axios HTTP client, notably involving prototype pollution and crafted URL attacks. Red Hat has released an updated Kiali version 2.17.7 to remediate these vulnerabilities. The advisory rates the security impact as critical, though no CVSS scores are provided. There are no known exploits in the wild at this time.

Red Hat Security Advisory: RHACS 4.9.7 security and bug fix update
CVE-2025-62718

Red Hat Advanced Cluster Security for Kubernetes (RHACS) version 4.9.7 includes multiple security and bug fixes addressing a set of vulnerabilities identified by CVE-2025-62718 and nine additional CVEs. The advisory highlights an important security update that resolves inconsistencies in CVE severity and fixes several security issues across components. Users of earlier RHACS versions are advised to upgrade to 4.9.7 to benefit from these patches. No known exploits in the wild have been reported for these vulnerabilities at this time.

Red Hat Security Advisory: Kiali 1.73.31 for Red Hat OpenShift Service Mesh 2.6
CVE-2026-32281

Kiali 1.73.31 for Red Hat OpenShift Service Mesh 2.6 addresses two security vulnerabilities: CVE-2026-32281, a denial of service issue caused by inefficient certificate chain validation in Go's crypto/x509 package, and CVE-2026-42044, an invisible JSON response tampering vulnerability via prototype pollution in Axios. These vulnerabilities affect observability components that visualize and manage service mesh topology and metrics. Red Hat has released this update rated as having a Moderate security impact. No explicit patch details are provided in the advisory, but updated RPM packages for Kiali 1.73.31 are available. No known exploits in the wild have been reported.

Red Hat Security Advisory: multicluster engine for Kubernetes v2.6.11 security update
CVE-2025-62718

Red Hat OpenShift Service Mesh 3.1's Kiali component version 2.11.9 addresses multiple critical security vulnerabilities affecting various third-party libraries and components. These include server-side request forgery and proxy bypass, denial of service, prototype pollution leading to remote code execution, authorization bypass, and arbitrary code execution. The advisory covers eight CVEs impacting dependencies such as Axios, lodash, gRPC-Go, Immutable.js, SVGO, Go JOSE, and net/url parsing. Red Hat has released this updated Kiali version to remediate these issues. No known exploits in the wild have been reported at this time.

