Red Hat Security Advisory: Red Hat Developer Hub 1.8.7 release.
🔗 CVE IDs covered (14)
📋 Description
CVE-2026-6321 — fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies CVE-2026-32280 — crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building CVE-2026-32281 — crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation CVE-2026-32282 — golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root CVE-2026-40895 — follow-redirects: follow-redirects: Information disclosure via cross-domain redirects CVE-2026-41240 — DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization CVE-2026-41242 — protobufjs: protobufjs: Arbitrary code execution via injected protobuf definition type fields CVE-2026-41674 — xmldom: xmldom: Arbitrary XML markup injection CVE-2026-42033 — axios: Axios: HTTP Transport Hijacking via Prototype Pollution CVE-2026-42035 — axios: Axios: Arbitrary HTTP header injection via prototype pollution CVE-2026-42039 — axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data CVE-2026-42041 — axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling CVE-2026-42043 — axios: Axios: NO_PROXY bypass via crafted URL CVE-2026-42044 — axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget
🔗 References (34)
- selfhttps://access.redhat.com/errata/RHSA-2026:21338
- externalhttps://access.redhat.com/security/cve/CVE-2026-32280
- externalhttps://access.redhat.com/security/cve/CVE-2026-32281
- externalhttps://access.redhat.com/security/cve/CVE-2026-32282
- externalhttps://access.redhat.com/security/cve/CVE-2026-40895
- externalhttps://access.redhat.com/security/cve/CVE-2026-41240
- externalhttps://access.redhat.com/security/cve/CVE-2026-41242
- externalhttps://access.redhat.com/security/cve/CVE-2026-41674
- externalhttps://access.redhat.com/security/cve/CVE-2026-42033
- externalhttps://access.redhat.com/security/cve/CVE-2026-42035
- externalhttps://access.redhat.com/security/cve/CVE-2026-42039
- externalhttps://access.redhat.com/security/cve/CVE-2026-42041
- externalhttps://access.redhat.com/security/cve/CVE-2026-42043
- externalhttps://access.redhat.com/security/cve/CVE-2026-42044
- externalhttps://access.redhat.com/security/cve/CVE-2026-6321
- externalhttps://access.redhat.com/security/updates/classification/
- externalhttps://catalog.redhat.com/search?gs&searchType=containers&q=rhdh
- externalhttps://developers.redhat.com/rhdh/overview
- externalhttps://docs.redhat.com/en/documentation/red_hat_developer_hub
- externalhttps://issues.redhat.com/browse/RHIDP-13087
- externalhttps://issues.redhat.com/browse/RHIDP-13114
- externalhttps://issues.redhat.com/browse/RHIDP-13271
- externalhttps://issues.redhat.com/browse/RHIDP-13301
- externalhttps://issues.redhat.com/browse/RHIDP-13314
- externalhttps://issues.redhat.com/browse/RHIDP-13316
- externalhttps://issues.redhat.com/browse/RHIDP-13407
- externalhttps://issues.redhat.com/browse/RHIDP-13445
- externalhttps://issues.redhat.com/browse/RHIDP-13450
- externalhttps://issues.redhat.com/browse/RHIDP-13456
- externalhttps://issues.redhat.com/browse/RHIDP-13463
- externalhttps://issues.redhat.com/browse/RHIDP-13486
- externalhttps://issues.redhat.com/browse/RHIDP-13589
- externalhttps://issues.redhat.com/browse/RHIDP-13643
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_21338.json