Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.42 security and extras update
Red Hat OpenShift Container Platform release 4.18.42 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a security impact of...
CVE-2026-42198 vulnerabilities
Vulnerabilities for packages: dependency-track-apiserver, debezium, camunda, flyway, nacos, kayenta, hono, nuxeo, keycloak-fips, apache-hop, kayenta-fips, ghidra, thingsboard, camunda-zeebe, seata, flyway-fips, apache-hop-fips, keycloak, sonarqube, dependency-track, guacamole-client,...
RHCOS 4 : OpenShift Container Platform 4.2.29 openshift (RHSA-2020:1527)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1527 advisory. - kubernetes: Use of unbounded 'client' label in apiserver_request_total allows for memory exhaustion (CVE-2020-8552). Note that Nessus has not...
CVE-2026-7784
A vulnerability has been found in RTGS2017 NagaAgent up to 5.1.0. This issue affects some unknown processing of the file apiserver/routes/extensions.py of the component Skills Endpoint. Such manipulation of the argument Name leads to path traversal. It is possible to launch the attack remotely. T...
PT-2026-36933
Name of the Vulnerable Software and Affected Versions RTGS2017 NagaAgent versions prior to 5.1.1 Description Improper processing of the file 'apiserver/routes/extensions.py' within the Skills Endpoint component allows for a remote path traversal attack. This occurs through the manipulation of the...
CVE-2026-40542 vulnerabilities
Vulnerabilities for packages: opensearch-fips, apache-nifi, pinot, dependency-track-apiserver, dependency-track, opensearch, trino, pinot-fips...
GHSA-V468-QCJX-R72W vulnerabilities
Vulnerabilities for packages: opensearch-fips, apache-nifi, pinot, dependency-track-apiserver, dependency-track, opensearch, trino, pinot-fips...
CVE-2026-32283 vulnerabilities
Vulnerabilities for packages: gitlab-kas, mailpit, ctop, minio-fips, nats-top, vault-k8s-fips, kubernetes-dashboard-metrics-scraper, flannel-fips, cert-exporter, mods, db-operator, promxy, terraform-provider-databricks-fips, nri-mysql, omnibump, openbao, ko-fips, git-sync-fips,...
SUSE CVE-2025-14443
A flaw was found in ose-openshift-apiserver. This vulnerability allows internal network enumeration, service discovery, limited information disclosure, and potential denial-of-service (DoS) through Server-Side Request Forgery (SSRF) due to missing IP address and network-range validation when processi...
GO-2026-4578 openshift-apiserver: SSRF via Missing IP/Network-Range Validation in User-Supplied Image References in github.com/openshift/openshift-apiserver
openshift-apiserver: SSRF via Missing IP/Network-Range Validation in User-Supplied Image References in github.com/openshift/openshift-apiserver...
CVE-2025-11143 vulnerabilities
Vulnerabilities for packages: strimzi-kafka-operator-fips, dependency-track-apiserver, zookeeper-fips, neo4j, kafka-fips, zookeeper, spark-kubernetes-operator, pinot, akhq, wso2is, apache-hop, solr, apache-hop-fips, spark-fips, spark-kubernetes-operator-fips, kafka, dependency-track,...
GHSA-WJPW-4J6X-6RWH vulnerabilities
Vulnerabilities for packages: strimzi-kafka-operator-fips, dependency-track-apiserver, zookeeper-fips, neo4j, kafka-fips, zookeeper, spark-kubernetes-operator, pinot, akhq, wso2is, apache-hop, solr, apache-hop-fips, spark-fips, spark-kubernetes-operator-fips, kafka, dependency-track,...
Security Bulletin: IBM FoundationDB Operator Vulnerable to kube-apiserver vulnerability (CVE-2022-3172)
Summary IBM FoundationDB Operator addressed kube-apiserver vulnerability. Vulnerability Details CVEID:CVE-2022-3172 DESCRIPTION: A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing...
Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, cont
This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues: Update to version 1.64.0 Release notes...
SUSE-SU-2026:0571-1 Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer
This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues: Update to version 1.64.0 - Release notes...
openshift-apiserver: SSRF via Missing IP/Network-Range Validation in User-Supplied Image References
A flaw was found in ose-openshift-apiserver. This vulnerability allows internal network enumeration, service discovery, limited information disclosure, and potential Denial of Service (DoS) through Server-Side Request Forgery (SSRF) due to missing IP address and network-range validation when processi...
CVE-2025-14443
CVE-2025-14443 affects the OpenShift API server (ose-openshift-apiserver). The flaw enables SSRF through processing of user-supplied image references due to missing IP address and network-range validation, enabling internal network enumeration, service discovery, limited information disclosure, a...
CVE-2025-64432
KubeVirt is a virtual machine management add-on for Kubernetes. Versions 1.5.3 and below, and 1.6.0 contained a flawed implementation of the Kubernetes aggregation layer's authentication flow which could enable bypass of RBAC controls. It was discovered that the virt-api component fails to...
SUSE CVE-2025-64432
KubeVirt is a virtual machine management add-on for Kubernetes. Versions 1.5.3 and below, and 1.6.0 contained a flawed implementation of the Kubernetes aggregation layer's authentication flow which could enable bypass of RBAC controls. It was discovered that the virt-api component fails to...
CVE-2025-64432
CVE-2025-64432 affects KubeVirt, specifically the virt-api component, where the mTLS authentication flow fails to validate the CN field in client certificates against the extension-apiserver-authentication config, enabling potential RBAC bypass by communicating directly with the aggregated API se...