RHSA-2026:36873HighCVSS 8.8

Red Hat Security Advisory: Submariner v0.20 security fixes and container updates

Published
July 8, 2026
Last Modified
July 12, 2026

🔗 CVE IDs covered (11)

📋 Description

CVE-2025-47950 — coredns: CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification CVE-2025-59530 — github.com/quic-go/quic-go: quic-go Crash Due to Premature HANDSHAKE_DONE Frame CVE-2025-61726 — golang: net/url: Memory exhaustion in query parameter parsing in net/url CVE-2025-61729 — crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-68121 — crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption CVE-2025-68151 — github.com/coredns/coredns/core/dnsserver: CoreDNS DoS via unbounded connections and oversized messages CVE-2026-26017 — github.com/coredns/coredns: CoreDNS: DNS access control bypass due to plugin execution order flaw CVE-2026-26018 — github.com/coredns/coredns: CoreDNS: Denial of Service vulnerability due to predictable pseudo-random number generation CVE-2026-44740 — github.com/go-git/go-billy: Billy: Denial of Service via crafted input due to insufficient validation CVE-2026-53488 — github.com/containerd/containerd: containerd: Host-root command execution via unvalidated image config labels in CRI plugin CVE-2026-53492 — github.com/containerd/containerd: containerd: Security bypass via Container Device Interface (CDI) annotation smuggling during checkpoint restoration.

🔗 References (14)