RHSA-2026:9440HighCVSS 9.1

Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.0.10

Published
April 21, 2026
Last Modified
June 4, 2026

🔗 CVE IDs covered (4)

CVE-2026-25679CVE-2026-33186CVE-2026-33747 · pendingCVE-2026-33748

📋 Description

CVE-2026-25679 — net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-33186 — google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation CVE-2026-33747 — BuildKit: github.com/moby/buildkit: BuildKit: Arbitrary file write and code execution via untrusted frontend CVE-2026-33748 — github.com/moby/buildkit: BuildKit: Unauthorized file access via Git URL fragment subdir components

🔗 References (12)