RHSA-2026:6720 · High · CVSS 9.1

Red Hat Security Advisory: Red Hat Quay 3.12.16

Published: April 6, 2026
Last Modified: May 27, 2026

🔗 CVE IDs covered (10)

CVE-2026-4602 · pending
CVE-2026-28498 · pending
CVE-2026-30922
CVE-2026-4599 · pending
CVE-2026-4601
CVE-2026-25679
CVE-2026-29063
CVE-2026-32597
CVE-2026-4598 · pending
CVE-2026-4600

📋 Description

CVE-2026-4598 — jsrsasign: jsrsasign: Denial of Service via infinite loop in bnModInverse function with crafted inputs
CVE-2026-4599 — jsrsasign: jsrsasign: Private key recovery via incomplete comparison checks biasing DSA nonces
CVE-2026-4600 — jsrsasign: jsrsasign: Cryptographic signature forgery via malicious DSA domain parameters
CVE-2026-4601 — jsrsasign: jsrsasign: Private Key Recovery via Missing Cryptographic Step in DSA Signing
CVE-2026-4602 — jsrsasign: jsrsasign: Signature verification bypass via negative exponent handling
CVE-2026-25679 — net/url: Incorrect parsing of IPv6 host literals in net/url
CVE-2026-28498 — authlib: Authlib: Authentication bypass via forged OpenID Connect ID Tokens
CVE-2026-29063 — immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution
CVE-2026-30922 — pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion
CVE-2026-32597 — pyjwt: PyJWT accepts unknown crit header extensions (RFC 7515 §4.1.11 MUST violation)

🔗 References (13)