RHSA-2026:8483CriticalCVSS 9.1

Red Hat Security Advisory: Kiali 1.73.29 for Red Hat OpenShift Service Mesh 2.6

Published
April 16, 2026
Last Modified
July 7, 2026

🔗 CVE IDs covered (10)

📋 Description

CVE-2025-61726 — golang: net/url: Memory exhaustion in query parameter parsing in net/url CVE-2025-62718 — axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization CVE-2025-68121 — crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption CVE-2026-4800 — lodash: lodash: Arbitrary code execution via untrusted input in template imports CVE-2026-25679 — net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-27606 — rollup: Rollup: Remote Code Execution via Path Traversal Vulnerability CVE-2026-29063 — immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution CVE-2026-29074 — svgo: SVGO: Denial of Service via XML entity expansion CVE-2026-33186 — google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation CVE-2026-40175 — axios: Axios: Remote Code Execution via Prototype Pollution escalation

🔗 References (14)