Red Hat Security Advisory: RHACS 4.10.5 security and bug fix update
🔗 CVE IDs covered (15)
📋 Description
CVE-2026-9165 — stackrox: stackrox: Unbounded GraphQL query depth allows authenticated denial of service CVE-2026-12143 — form-data: form-data: Form field override via CRLF injection CVE-2026-25681 — golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting CVE-2026-33811 — net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME CVE-2026-39820 — net/mail: golang: Go net/mail: Denial of Service via crafted email inputs CVE-2026-39828 — golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions CVE-2026-39829 — golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters CVE-2026-39830 — golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses CVE-2026-39831 — golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Security key bypass due to missing user presence check CVE-2026-39832 — golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions CVE-2026-39835 — golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate CVE-2026-42499 — net/mail: golang: net/mail: Denial of Service via pathological email address parsing CVE-2026-46597 — golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted AES-GCM packet decoder inputs CVE-2026-46625 — js-cookie: JavaScript Cookie: Cookie attribute manipulation via prototype pollution CVE-2026-53488 — github.com/containerd/containerd: containerd: Host-root command execution via unvalidated image config labels in CRI plugin
🔗 References (19)
- selfhttps://access.redhat.com/errata/RHSA-2026:36625
- externalhttps://access.redhat.com/security/cve/CVE-2026-12143
- externalhttps://access.redhat.com/security/cve/CVE-2026-25681
- externalhttps://access.redhat.com/security/cve/CVE-2026-33811
- externalhttps://access.redhat.com/security/cve/CVE-2026-39820
- externalhttps://access.redhat.com/security/cve/CVE-2026-39828
- externalhttps://access.redhat.com/security/cve/CVE-2026-39829
- externalhttps://access.redhat.com/security/cve/CVE-2026-39830
- externalhttps://access.redhat.com/security/cve/CVE-2026-39831
- externalhttps://access.redhat.com/security/cve/CVE-2026-39832
- externalhttps://access.redhat.com/security/cve/CVE-2026-39835
- externalhttps://access.redhat.com/security/cve/CVE-2026-42499
- externalhttps://access.redhat.com/security/cve/CVE-2026-46597
- externalhttps://access.redhat.com/security/cve/CVE-2026-46625
- externalhttps://access.redhat.com/security/cve/CVE-2026-53488
- externalhttps://access.redhat.com/security/cve/CVE-2026-9165
- externalhttps://access.redhat.com/security/updates/classification/
- externalhttps://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.10/html-single/release_notes/index#about-this-release-4105_release-notes-410
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_36625.json