RHSA-2026:28573HighCVSS 8.1
Red Hat Security Advisory: Red Hat Offline Knowledge Portal security and content update
🔗 CVE IDs covered (5)
📋 Description
CVE-2026-5795 — org.eclipse.jetty.ee10/jetty-ee10: early return from the JASPIAuthenticator class without clearing ThreadLocal variables CVE-2026-44249 — netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation CVE-2026-45292 — opentelemetry-java: opentelemetry-api: opentelemetry-extension-trace-propagators: OpenTelemetry Java: Denial of Service due to unbounded memory allocation when parsing oversized baggage CVE-2026-45416 — netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake CVE-2026-50010 — netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass
🔗 References (10)
- selfhttps://access.redhat.com/errata/RHSA-2026:28573
- externalhttps://access.redhat.com/products/red-hat-offline-knowledge-portal
- externalhttps://access.redhat.com/security/cve/CVE-2026-44249
- externalhttps://access.redhat.com/security/cve/CVE-2026-45292
- externalhttps://access.redhat.com/security/cve/CVE-2026-45416
- externalhttps://access.redhat.com/security/cve/CVE-2026-50010
- externalhttps://access.redhat.com/security/cve/CVE-2026-5795
- externalhttps://access.redhat.com/security/updates/classification/
- externalhttps://docs.redhat.com/en/documentation/red_hat_offline_knowledge_portal/1
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_28573.json