Red Hat Security Advisory: Network Observability 1.11.0 for OpenShift

CVE-2024-25621 — github.com/containerd/containerd: containerd local privilege escalation CVE-2025-12816 — node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications CVE-2025-13465 — lodash: prototype pollution in _.unset and _.omit functions CVE-2025-15284 — qs: qs: Denial of Service via improper input validation in array parsing CVE-2025-52881 — runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects CVE-2025-58183 — golang: archive/tar: Unbounded allocation when parsing GNU sparse map CVE-2025-64329 — github.com/containerd/containerd: containerd: Memory exhaustion via CRI Attach implementation goroutine leaks CVE-2025-66031 — node-forge: node-forge ASN.1 Unbounded Recursion CVE-2025-66418 — urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion CVE-2025-66471 — urllib3: urllib3 Streaming API improperly handles highly compressed data CVE-2025-66506 — github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token CVE-2026-21441 — urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API) CVE-2026-23745 — node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives CVE-2026-24049 — wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking CVE-2026-24842 — node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check