Red Hat Security Advisory: Multicluster Global Hub 1.7.1 security update
🔗 CVE IDs covered (12)
📋 Description
CVE-2025-41118 — pyroscope: sensitive COS SecretKey exposed in plaintext via configuration API due to missing type protection CVE-2026-21728 — grafana/tempo: Tempo: Denial of Service via large queries CVE-2026-32281 — crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation CVE-2026-32282 — golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root CVE-2026-33813 — golang.org/x/image: golang: golang.org/x/image: Denial of Service via malformed WEBP image parsing CVE-2026-33815 — github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability CVE-2026-33816 — github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability CVE-2026-34040 — Moby: Moby: Authorization bypass vulnerability CVE-2026-40293 — OpenFGA: github.com/openfga/openfga: OpenFGA: Information disclosure of preshared API key via playground endpoint CVE-2026-40890 — github.com/gomarkdown/markdown: github.com/gomarkdown/markdown: Denial of Service via malformed Markdown input CVE-2026-41602 — github.com/apache/thrift: Apache Thrift: Integer Overflow in TFramedTransport Go implementation CVE-2026-43869 — Apache Thrift: Apache Thrift: Security bypass due to improper certificate validation
🔗 References (15)
- selfhttps://access.redhat.com/errata/RHSA-2026:24503
- externalhttps://access.redhat.com/security/cve/CVE-2025-41118
- externalhttps://access.redhat.com/security/cve/CVE-2026-21728
- externalhttps://access.redhat.com/security/cve/CVE-2026-32281
- externalhttps://access.redhat.com/security/cve/CVE-2026-32282
- externalhttps://access.redhat.com/security/cve/CVE-2026-33813
- externalhttps://access.redhat.com/security/cve/CVE-2026-33815
- externalhttps://access.redhat.com/security/cve/CVE-2026-33816
- externalhttps://access.redhat.com/security/cve/CVE-2026-34040
- externalhttps://access.redhat.com/security/cve/CVE-2026-40293
- externalhttps://access.redhat.com/security/cve/CVE-2026-40890
- externalhttps://access.redhat.com/security/cve/CVE-2026-41602
- externalhttps://access.redhat.com/security/cve/CVE-2026-43869
- externalhttps://access.redhat.com/security/updates/classification/
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_24503.json