RHSA-2026:25123HighCVSS 7.5

Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.28.2 Release.

Published
June 10, 2026
Last Modified
June 30, 2026

🔗 CVE IDs covered (7)

📋 Description

CVE-2026-6321 — fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies CVE-2026-42578 — netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation CVE-2026-42579 — netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement CVE-2026-42581 — netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers CVE-2026-42584 — netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion CVE-2026-42587 — netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression CVE-2026-43512 — tomcat-coyote: Apache Tomcat: Authentication bypass via digest authentication

🔗 References (11)