RHSA-2026:26010HighCVSS 7.8
Red Hat Security Advisory: Cluster Observability Operator 1.5.0
🔗 CVE IDs covered (4)
📋 Description
CVE-2025-62718 — axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization CVE-2026-32282 — golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root CVE-2026-40895 — follow-redirects: follow-redirects: Information disclosure via cross-domain redirects CVE-2026-42035 — axios: Axios: Arbitrary HTTP header injection via prototype pollution
🔗 References (9)
- selfhttps://access.redhat.com/errata/RHSA-2026:26010
- externalhttps://access.redhat.com/security/cve/CVE-2025-62718
- externalhttps://access.redhat.com/security/cve/CVE-2026-32282
- externalhttps://access.redhat.com/security/cve/CVE-2026-40895
- externalhttps://access.redhat.com/security/cve/CVE-2026-42035
- externalhttps://access.redhat.com/security/updates/classification
- externalhttps://access.redhat.com/security/updates/classification/
- externalhttps://docs.openshift.com/container-platform/latest/observability/cluster_observability_operator/cluster-observability-operator-release-notes.html
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_26010.json