RHSA-2026:24359HighCVSS 8.5
Red Hat Security Advisory: Red Hat OpenShift Builds 1.7.3
🔗 CVE IDs covered (3)
📋 Description
CVE-2026-32280 — crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building CVE-2026-40161 — github.com/tektoncd/pipeline: Tekton Pipelines: Information disclosure of Git API token via user-controlled serverURL CVE-2026-40938 — github.com/tektoncd/pipeline: Tekton Pipelines: Arbitrary code execution and secret exfiltration via malicious git commands
🔗 References (7)
- selfhttps://access.redhat.com/errata/RHSA-2026:24359
- externalhttps://access.redhat.com/security/cve/CVE-2026-32280
- externalhttps://access.redhat.com/security/cve/CVE-2026-40161
- externalhttps://access.redhat.com/security/cve/CVE-2026-40938
- externalhttps://access.redhat.com/security/updates/classification/
- externalhttps://docs.redhat.com/en/documentation/builds_for_red_hat_openshift/1.7
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_24359.json