Denial of Service via XML entity expansion bypass
Summary
Denial of Service via XML entity expansion bypass. Red Hat rates this moderate (CVSS 7.5). Weakness: CWE-776. Affected package(s): odf4/ocs-client-console-rhel9:1778050558, odf4/mcg-core-rhel9:1776403991, odf4/ocs-client-rhel9-operator:1778049818, odf4/odf-cloudnative-pg-rhel9-operator:1776406131, odf4/odf-csi-addons-sidecar-rhel9:1778050048, odf4/odf-multicluster-console-rhel9:1778078096. Resolved in Red Hat advisory RHSA-2026:7110 — update the affected packages (`sudo dnf update`).
- odf4/ocs-client-console-rhel9:1778050558
- odf4/mcg-core-rhel9:1776403991
- odf4/ocs-client-rhel9-operator:1778049818
- odf4/odf-cloudnative-pg-rhel9-operator:1776406131
- odf4/odf-csi-addons-sidecar-rhel9:1778050048
- odf4/odf-multicluster-console-rhel9:1778078096
- odf4/odf-cosi-sidecar-rhel9:1778045627
- odf4/odf-rhel9-operator:1776707763
- odf4/ocs-client-console-rhel9:1776404539
- odf4/ocs-rhel9-operator:1778049920
- odf4/odf-multicluster-rhel9-operator:1778050119
- odf4/odf-csi-addons-rhel9-operator:1778045731
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
- RHSA-2026:7110
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
Mitigation checklist
- Update the affected package(s) to the fixed version shipped in RHSA-2026:7110 (`sudo dnf update` / `yum update`).
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.