What is RHSA-2026:2256?

RHSA-2026:2256 is a security advisory published by Red Hat Product Security with High severity. Red Hat Security Advisory: Red Hat multicluster global hub 1.5.3 security update

Which CVE IDs does RHSA-2026:2256 cover?

RHSA-2026:2256 covers the following CVE IDs: CVE-2025-66471, CVE-2025-68429, CVE-2026-21441, CVE-2025-12816, CVE-2025-15284, CVE-2025-66418. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of RHSA-2026:2256?

RHSA-2026:2256 has a CVSS v3 base score of 8.7, published by Red Hat Product Security.

RHSA-2026:2256HighCVSS 8.7

Red Hat Security Advisory: Red Hat multicluster global hub 1.5.3 security update

Vendor

Red Hat Product Security

Published

February 9, 2026

Last Modified

June 3, 2026

🔗 CVE IDs covered (6)

CVE-2025-66471 →CVE-2025-68429 →CVE-2026-21441 →CVE-2025-12816 →CVE-2025-15284 →CVE-2025-66418 →

📋 Description

CVE-2025-12816 — node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications CVE-2025-15284 — qs: qs: Denial of Service via improper input validation in array parsing CVE-2025-66418 — urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion CVE-2025-66471 — urllib3: urllib3 Streaming API improperly handles highly compressed data CVE-2025-68429 — Storybook: Storybook: Information disclosure via unexpected bundling of environment variables CVE-2026-21441 — urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)

🔗 CVE IDs covered (6)

📋 Description

🔗 References (9)