RHSA-2026:24503HighCVSS 8.4

Red Hat Security Advisory: Multicluster Global Hub 1.7.1 security update

Published
June 8, 2026
Last Modified
July 6, 2026

🔗 CVE IDs covered (12)

📋 Description

CVE-2025-41118 — pyroscope: sensitive COS SecretKey exposed in plaintext via configuration API due to missing type protection CVE-2026-21728 — grafana/tempo: Tempo: Denial of Service via large queries CVE-2026-32281 — crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation CVE-2026-32282 — golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root CVE-2026-33813 — golang.org/x/image: golang: golang.org/x/image: Denial of Service via malformed WEBP image parsing CVE-2026-33815 — github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability CVE-2026-33816 — github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability CVE-2026-34040 — Moby: Moby: Authorization bypass vulnerability CVE-2026-40293 — OpenFGA: github.com/openfga/openfga: OpenFGA: Information disclosure of preshared API key via playground endpoint CVE-2026-40890 — github.com/gomarkdown/markdown: github.com/gomarkdown/markdown: Denial of Service via malformed Markdown input CVE-2026-41602 — github.com/apache/thrift: Apache Thrift: Integer Overflow in TFramedTransport Go implementation CVE-2026-43869 — Apache Thrift: Apache Thrift: Security bypass due to improper certificate validation

🔗 References (15)