RHSA-2026:27126HighCVSS 7.5
Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Tempo) 3.10.0 release
🔗 CVE IDs covered (3)
📋 Description
CVE-2025-48431 — Apache Thrift: c_glib: Apache Thrift c_glib: Denial of Service via specially crafted requests CVE-2026-32281 — crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation CVE-2026-43869 — Apache Thrift: Apache Thrift: Security bypass due to improper certificate validation
🔗 References (7)
- selfhttps://access.redhat.com/errata/RHSA-2026:27126
- externalhttps://access.redhat.com/security/cve/CVE-2025-48431
- externalhttps://access.redhat.com/security/cve/CVE-2026-32281
- externalhttps://access.redhat.com/security/cve/CVE-2026-43869
- externalhttps://access.redhat.com/security/updates/classification/
- externalhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/distributed_tracing/distributed-tracing-platform-tempo
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_27126.json