Red Hat Security Advisory: multicluster engine for Kubernetes v2.8.4 security update
🔗 CVE IDs covered (9)
📋 Description
- CVE-2022-21698 — prometheus/client_golang: Denial of service using InstrumentHandlerCounter
- CVE-2023-44487 — HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
- CVE-2024-24786 — golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON
- CVE-2025-7195 — operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd
- CVE-2025-9287 — cipher-base: Cipher-base hash manipulation
- CVE-2025-9288 — sha.js: Missing type checks leading to hash rewind and passing on crafted data
- CVE-2025-30204 — golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing
- CVE-2025-47907 — database/sql: Postgres Scan Race Condition
- CVE-2025-58183 — golang: archive/tar: Unbounded allocation when parsing GNU sparse map
🔗 References (12)
- self: https://access.redhat.com/errata/RHSA-2026:0722
- external: https://access.redhat.com/security/cve/CVE-2022-21698
- external: https://access.redhat.com/security/cve/CVE-2023-44487
- external: https://access.redhat.com/security/cve/CVE-2024-24786
- external: https://access.redhat.com/security/cve/CVE-2025-30204
- external: https://access.redhat.com/security/cve/CVE-2025-47907
- external: https://access.redhat.com/security/cve/CVE-2025-7195
- external: https://access.redhat.com/security/cve/CVE-2025-58183
- external: https://access.redhat.com/security/cve/CVE-2025-9287
- external: https://access.redhat.com/security/cve/CVE-2025-9288
- external: https://access.redhat.com/security/updates/classification/
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0722.json