RHSA-2026:22619 | High | CVSS 8.2

Red Hat Security Advisory: Red Hat Data Grid 8.6.1 security update

Published: June 2, 2026
Last Modified: June 3, 2026

🔗 CVE IDs covered (12)

📋 Description

CVE-2026-4800 — lodash: lodash: Arbitrary code execution via untrusted input in template imports
CVE-2026-33870 — io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values
CVE-2026-33871 — netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood
CVE-2026-34478 — org.apache.logging.log4j/log4j-core: Apache Log4j Core: Log injection via CRLF sequences due to configuration attribute renames
CVE-2026-34480 — org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging
CVE-2026-34481 — org.apache.logging.log4j: Apache Log4j JsonTemplateLayout: Denial of Service via invalid JSON output
CVE-2026-40975 — Spring Boot: Spring Boot: Weak pseudo-random number generation can lead to information disclosure.
CVE-2026-41240 — DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization
CVE-2026-42033 — axios: Axios: HTTP Transport Hijacking via Prototype Pollution
CVE-2026-42039 — axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data
CVE-2026-42041 — axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling
CVE-2026-42043 — axios: Axios: NO_PROXY bypass via crafted URL

🔗 References (16)