RHSA-2026:1168HighCVSS 7.5
Red Hat Security Advisory: cert-manager Operator for Red Hat OpenShift 1.18.1
🔗 CVE IDs covered (5)
📋 Description
CVE-2025-61727 — golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs CVE-2025-61729 — crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-66418 — urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion CVE-2025-66471 — urllib3: urllib3 Streaming API improperly handles highly compressed data CVE-2026-21441 — urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)
🔗 References (9)
- selfhttps://access.redhat.com/errata/RHSA-2026:1168
- externalhttps://access.redhat.com/security/cve/CVE-2025-61727
- externalhttps://access.redhat.com/security/cve/CVE-2025-61729
- externalhttps://access.redhat.com/security/cve/CVE-2025-66418
- externalhttps://access.redhat.com/security/cve/CVE-2025-66471
- externalhttps://access.redhat.com/security/cve/CVE-2026-21441
- externalhttps://access.redhat.com/security/updates/classification/
- externalhttps://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_1168.json