Red Hat Security Advisory: Red Hat OpenShift Pipelines Release 1.15.4
🔗 CVE IDs covered (11)
📋 Description
- CVE-2024-37890 — nodejs-ws: denial of service when handling a request with many HTTP headers
- CVE-2025-6545 — pbkdf2: pbkdf2 silently returns predictable key material
- CVE-2025-6547 — pbkdf2: pbkdf2 silently returns static keys
- CVE-2025-9287 — cipher-base: Cipher-base hash manipulation
- CVE-2025-9288 — sha.js: Missing type checks leading to hash rewind and passing on crafted data
- CVE-2025-12816 — node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications
- CVE-2025-13465 — lodash: prototype pollution in _.unset and _.omit functions
- CVE-2025-15284 — qs: qs: Denial of Service via improper input validation in array parsing
- CVE-2025-66031 — node-forge: node-forge ASN.1 Unbounded Recursion
- CVE-2025-66506 — github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token
- CVE-2025-66564 — github.com/sigstore/timestamp-authority: Sigstore Timestamp Authority: Denial of Service via excessive OID or Content-Type header parsing
🔗 References (15)
- self: https://access.redhat.com/errata/RHSA-2026:3712
- external: https://access.redhat.com/security/cve/CVE-2024-37890
- external: https://access.redhat.com/security/cve/CVE-2025-12816
- external: https://access.redhat.com/security/cve/CVE-2025-13465
- external: https://access.redhat.com/security/cve/CVE-2025-15284
- external: https://access.redhat.com/security/cve/CVE-2025-6545
- external: https://access.redhat.com/security/cve/CVE-2025-6547
- external: https://access.redhat.com/security/cve/CVE-2025-66031
- external: https://access.redhat.com/security/cve/CVE-2025-66506
- external: https://access.redhat.com/security/cve/CVE-2025-66564
- external: https://access.redhat.com/security/cve/CVE-2025-9287
- external: https://access.redhat.com/security/cve/CVE-2025-9288
- external: https://access.redhat.com/security/updates/classification/
- external: https://docs.redhat.com/en/documentation/red_hat_openshift_pipelines
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3712.json