Authorization bypass due to improper HTTP/2 path validation
Summary
Authorization bypass due to improper HTTP/2 path validation. Red Hat rates this important (CVSS 9.1). Weakness: CWE-551. Affected package(s): rhoai/odh-pipeline-runtime-pytorch-cuda-py312-rhel9:1780078429, odf4/odf-csi-addons-sidecar-rhel9:1781550957, rhtas/trillian-logserver-rhel9:1776243434, openshift4/ose-cluster-olm-rhel9-operator:1779787336, rhdh/rhdh-rhel9-operator:1774544220, openshift4/ose-csi-driver-nfs-rhel9:1778242571. Resolved in Red Hat advisory RHSA-2026:27893 — update the affected packages (`sudo dnf update`).
- rhoai/odh-pipeline-runtime-pytorch-cuda-py312-rhel9:1780078429
- odf4/odf-csi-addons-sidecar-rhel9:1781550957
- rhtas/trillian-logserver-rhel9:1776243434
- openshift4/ose-cluster-olm-rhel9-operator:1779787336
- rhdh/rhdh-rhel9-operator:1774544220
- openshift4/ose-csi-driver-nfs-rhel9:1778242571
- odf4/cephcsi-rhel9-operator:1781549637
- multicluster-engine/assisted-installer-rhel9:1776949906
- openshift4/openshift-route-controller-manager-rhel9:1780042119
- openshift4/ose-sriov-network-webhook-rhel9:1779255322
- odf4/odf-cli-rhel9:1781557189
- multicluster-globalhub/multicluster-globalhub-grafana-rhel9:1778867753
Official advisory · high-confidence parse· fetched 6 hours ago·verify at source
- RHSA-2026:27893
Official advisory · high-confidence parse· fetched 6 hours ago·verify at source
Mitigation checklist
- Update the affected package(s) to the fixed version shipped in RHSA-2026:27893 (`sudo dnf update` / `yum update`).
Official advisory · high-confidence parse· fetched 6 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.