Red Hat Security Advisory: Red Hat build of Cryostat security update
🔗 CVE IDs covered (10)
📋 Description
CVE-2025-48431 — Apache Thrift: c_glib: Apache Thrift c_glib: Denial of Service via specially crafted requests CVE-2026-9277 — shell-quote: shell-quote: Arbitrary code execution via command injection due to unescaped line terminators CVE-2026-32281 — crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation CVE-2026-41240 — DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization CVE-2026-42578 — netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation CVE-2026-42579 — netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement CVE-2026-42581 — netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers CVE-2026-42584 — netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion CVE-2026-42587 — netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression CVE-2026-43869 — Apache Thrift: Apache Thrift: Security bypass due to improper certificate validation
🔗 References (13)
- selfhttps://access.redhat.com/errata/RHSA-2026:28010
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2456333
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2461147
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2463410
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2466660
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2477217
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2477220
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2477224
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2477226
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2477232
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2480741
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_28010.json