RHSA-2026:28010HighCVSS 8.1

Red Hat Security Advisory: Red Hat build of Cryostat security update

Published
June 22, 2026
Last Modified
July 6, 2026

🔗 CVE IDs covered (10)

📋 Description

CVE-2025-48431 — Apache Thrift: c_glib: Apache Thrift c_glib: Denial of Service via specially crafted requests CVE-2026-9277 — shell-quote: shell-quote: Arbitrary code execution via command injection due to unescaped line terminators CVE-2026-32281 — crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation CVE-2026-41240 — DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization CVE-2026-42578 — netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation CVE-2026-42579 — netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement CVE-2026-42581 — netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers CVE-2026-42584 — netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion CVE-2026-42587 — netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression CVE-2026-43869 — Apache Thrift: Apache Thrift: Security bypass due to improper certificate validation

🔗 References (13)