RHSA-2026:1018HighCVSS 8.8
Red Hat Security Advisory: Red Hat OpenShift GitOps v1.17.4 security update
🔗 CVE IDs covered (6)
📋 Description
CVE-2025-47913 — golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS CVE-2025-55190 — github.com/argoproj/argo-cd: Project API Token Exposes Repository Credentials CVE-2025-58183 — golang: archive/tar: Unbounded allocation when parsing GNU sparse map CVE-2025-58754 — axios: Axios DoS via lack of data size check CVE-2025-61729 — crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-68156 — github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation
🔗 References (10)
- selfhttps://access.redhat.com/errata/RHSA-2026:1018
- externalhttps://access.redhat.com/security/cve/CVE-2025-47913
- externalhttps://access.redhat.com/security/cve/CVE-2025-55190
- externalhttps://access.redhat.com/security/cve/CVE-2025-58183
- externalhttps://access.redhat.com/security/cve/CVE-2025-58754
- externalhttps://access.redhat.com/security/cve/CVE-2025-61729
- externalhttps://access.redhat.com/security/cve/CVE-2025-68156
- externalhttps://access.redhat.com/security/updates/classification/
- externalhttps://docs.redhat.com/en/documentation/red_hat_openshift_gitops/1.17/
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_1018.json