Red Hat Security Advisory: Red Hat Quay 3.12.15
🔗 CVE IDs covered (11)
📋 Description
CVE-2025-61726 — golang: net/url: Memory exhaustion in query parameter parsing in net/url CVE-2025-61728 — golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip CVE-2025-61729 — crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-68121 — crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption CVE-2026-24049 — wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking CVE-2026-25639 — axios: Axios affected by Denial of Service via proto Key in mergeConfig CVE-2026-25990 — pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image CVE-2026-26996 — minimatch: minimatch: Denial of Service via specially crafted glob patterns CVE-2026-27628 — pypdf: possible infinite loop when loading circular /Prev entries in cross-reference streams CVE-2026-27904 — minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions CVE-2026-28802 — authlib: Authlib: Signature verification bypass via malicious JWT allows unauthorized access
🔗 References (14)
- selfhttps://access.redhat.com/errata/RHSA-2026:4942
- externalhttps://access.redhat.com/security/cve/CVE-2025-61726
- externalhttps://access.redhat.com/security/cve/CVE-2025-61728
- externalhttps://access.redhat.com/security/cve/CVE-2025-61729
- externalhttps://access.redhat.com/security/cve/CVE-2025-68121
- externalhttps://access.redhat.com/security/cve/CVE-2026-24049
- externalhttps://access.redhat.com/security/cve/CVE-2026-25639
- externalhttps://access.redhat.com/security/cve/CVE-2026-25990
- externalhttps://access.redhat.com/security/cve/CVE-2026-26996
- externalhttps://access.redhat.com/security/cve/CVE-2026-27628
- externalhttps://access.redhat.com/security/cve/CVE-2026-27904
- externalhttps://access.redhat.com/security/cve/CVE-2026-28802
- externalhttps://access.redhat.com/security/updates/classification/
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_4942.json