Red Hat Security Advisory: Kiali 1.73.29 for Red Hat OpenShift Service Mesh 2.6
🔗 CVE IDs covered (10)
📋 Description
CVE-2025-61726 — golang: net/url: Memory exhaustion in query parameter parsing in net/url CVE-2025-62718 — axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization CVE-2025-68121 — crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption CVE-2026-4800 — lodash: lodash: Arbitrary code execution via untrusted input in template imports CVE-2026-25679 — net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-27606 — rollup: Rollup: Remote Code Execution via Path Traversal Vulnerability CVE-2026-29063 — immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution CVE-2026-29074 — svgo: SVGO: Denial of Service via XML entity expansion CVE-2026-33186 — google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation CVE-2026-40175 — axios: Axios: Remote Code Execution via Prototype Pollution escalation
🔗 References (14)
- selfhttps://access.redhat.com/errata/RHSA-2026:8483
- externalhttps://access.redhat.com/security/cve/CVE-2025-61726
- externalhttps://access.redhat.com/security/cve/CVE-2025-62718
- externalhttps://access.redhat.com/security/cve/CVE-2025-68121
- externalhttps://access.redhat.com/security/cve/CVE-2026-25679
- externalhttps://access.redhat.com/security/cve/CVE-2026-27606
- externalhttps://access.redhat.com/security/cve/CVE-2026-29063
- externalhttps://access.redhat.com/security/cve/CVE-2026-29074
- externalhttps://access.redhat.com/security/cve/CVE-2026-33186
- externalhttps://access.redhat.com/security/cve/CVE-2026-40175
- externalhttps://access.redhat.com/security/cve/CVE-2026-4800
- externalhttps://access.redhat.com/security/updates/classification
- externalhttps://access.redhat.com/security/updates/classification/
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_8483.json