Red Hat Security Advisory: Multicluster Global Hub 1.3.4 security update
🔗 CVE IDs covered (20)
📋 Description
CVE-2026-21728 — grafana/tempo: Tempo: Denial of Service via large queries CVE-2026-25679 — net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-27137 — crypto/x509: Incorrect enforcement of email constraints in crypto/x509 CVE-2026-32282 — golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root CVE-2026-32283 — crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages CVE-2026-32285 — github.com/buger/jsonparser: github.com/buger/jsonparser: Denial of Service via malformed JSON input CVE-2026-32286 — github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server CVE-2026-33186 — google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation CVE-2026-33487 — github.com/russellhaering/goxmldsig: goxmlsig: Integrity bypass due to incorrect XML Digital Signature validation via loop variable capture issue CVE-2026-33815 — github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability CVE-2026-33816 — github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability CVE-2026-34986 — github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object CVE-2026-41602 — github.com/apache/thrift: Apache Thrift: Integer Overflow in TFramedTransport Go implementation CVE-2026-41603 — Apache Thrift: apache.com/apache/thrift: Apache Thrift: Security Bypass via Improper Certificate Hostname Validation CVE-2026-41604 — Apache Thrift: apache.com/apache/thrift: Apache Thrift: Out-of-bounds Read vulnerability CVE-2026-41605 — Apache Thrift: Apache Thrift: Integer Overflow or Wraparound Vulnerability CVE-2026-41606 — Apache Thrift: Apache Thrift: Denial of Service via uncontrolled recursion CVE-2026-41607 — Apache Thrift: apache.com/apache/thrift: Apache Thrift: Out-of-bounds Read vulnerability CVE-2026-41636 — apache.com/apache/thrift: Apache Thrift: Node.js skip() recursion CVE-2026-43869 — Apache Thrift: Apache Thrift: Security bypass due to improper certificate validation
🔗 References (23)
- selfhttps://access.redhat.com/errata/RHSA-2026:22423
- externalhttps://access.redhat.com/security/cve/CVE-2026-21728
- externalhttps://access.redhat.com/security/cve/CVE-2026-25679
- externalhttps://access.redhat.com/security/cve/CVE-2026-27137
- externalhttps://access.redhat.com/security/cve/CVE-2026-32282
- externalhttps://access.redhat.com/security/cve/CVE-2026-32283
- externalhttps://access.redhat.com/security/cve/CVE-2026-32285
- externalhttps://access.redhat.com/security/cve/CVE-2026-32286
- externalhttps://access.redhat.com/security/cve/CVE-2026-33186
- externalhttps://access.redhat.com/security/cve/CVE-2026-33487
- externalhttps://access.redhat.com/security/cve/CVE-2026-33815
- externalhttps://access.redhat.com/security/cve/CVE-2026-33816
- externalhttps://access.redhat.com/security/cve/CVE-2026-34986
- externalhttps://access.redhat.com/security/cve/CVE-2026-41602
- externalhttps://access.redhat.com/security/cve/CVE-2026-41603
- externalhttps://access.redhat.com/security/cve/CVE-2026-41604
- externalhttps://access.redhat.com/security/cve/CVE-2026-41605
- externalhttps://access.redhat.com/security/cve/CVE-2026-41606
- externalhttps://access.redhat.com/security/cve/CVE-2026-41607
- externalhttps://access.redhat.com/security/cve/CVE-2026-41636
- externalhttps://access.redhat.com/security/cve/CVE-2026-43869
- externalhttps://access.redhat.com/security/updates/classification/
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_22423.json