RHSA-2026:3869HighCVSS 8.7
Red Hat Security Advisory: Red Hat OpenShift GitOps v1.17.5 security update
🔗 CVE IDs covered (6)
📋 Description
CVE-2025-12816 — node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications CVE-2025-13465 — lodash: prototype pollution in _.unset and _.omit functions CVE-2025-61726 — golang: net/url: Memory exhaustion in query parameter parsing in net/url CVE-2025-66418 — urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion CVE-2025-66471 — urllib3: urllib3 Streaming API improperly handles highly compressed data CVE-2026-21441 — urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)
🔗 References (10)
- selfhttps://access.redhat.com/errata/RHSA-2026:3869
- externalhttps://access.redhat.com/security/cve/CVE-2025-12816
- externalhttps://access.redhat.com/security/cve/CVE-2025-13465
- externalhttps://access.redhat.com/security/cve/CVE-2025-61726
- externalhttps://access.redhat.com/security/cve/CVE-2025-66418
- externalhttps://access.redhat.com/security/cve/CVE-2025-66471
- externalhttps://access.redhat.com/security/cve/CVE-2026-21441
- externalhttps://access.redhat.com/security/updates/classification/
- externalhttps://docs.redhat.com/en/documentation/red_hat_openshift_gitops/1.17/
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3869.json