Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application
Summary
Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application. Red Hat rates this important (CVSS 8.8). Weakness: CWE-1289. Affected package(s): rhtas/client-server-rhel9:1780399582, golang1, cryostat/cryostat-storage-rhel9:4.1.1, opentelemetry-collector, hawtio-operator-container, web-terminal/web-terminal-exec-rhel9:1780425077. Resolved in Red Hat advisory RHSA-2026:28047 — update the affected packages (`sudo dnf update`).
- rhtas/client-server-rhel9:1780399582
- golang1-26-main-1.26.2-1.hum1
- cryostat/cryostat-storage-rhel9:4.1.1-7
- opentelemetry-collector-0:0.144.0-2.el10_0
- hawtio-operator-container
- opentelemetry-collector-0:0.144.0-2.el10_2
- web-terminal/web-terminal-exec-rhel9:1780425077
- rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator:1.0.3-1779996197
- multicluster-globalhub/multicluster-globalhub-agent-rhel9:1779838819
- web-terminal/web-terminal-exec-rhel9:1780423339
- yggdrasil-worker-forwarder-0:0.0.3-5.el9sat
- etcd-0:3.4.26-9.5.el9ost
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
- RHSA-2026:28047
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
Mitigation checklist
- Update the affected package(s) to the fixed version shipped in RHSA-2026:28047 (`sudo dnf update` / `yum update`).
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.