Denial of Service via crafted JSON Web Encryption (JWE) object
Summary
Denial of Service via crafted JSON Web Encryption (JWE) object. Red Hat rates this important (CVSS 7.5). Weakness: CWE-131. Affected package(s): odf4/mcg-core-rhel9:1776403991, openshift-service-mesh/pilot-rhel8:1777319850, openshift-service-mesh/istio-cni-rhel8:1777374598, odf4/odf-cloudnative-pg-rhel9-operator:1776406131, multicluster-globalhub/multicluster-globalhub-grafana-rhel9:1778867753, multicluster-engine/assisted-installer-agent-rhel9:1776351169. Resolved in Red Hat advisory RHSA-2026:25194 — update the affected packages (`sudo dnf update`).
- odf4/mcg-core-rhel9:1776403991
- openshift-service-mesh/pilot-rhel8:1777319850
- openshift-service-mesh/istio-cni-rhel8:1777374598
- odf4/odf-cloudnative-pg-rhel9-operator:1776406131
- multicluster-globalhub/multicluster-globalhub-grafana-rhel9:1778867753
- multicluster-engine/assisted-installer-agent-rhel9:1776351169
- quay/quay-rhel9:1779922205
- openshift4/ose-telemeter-rhel9:1778711679
- odf4/odf-rhel9-operator:1776707763
- odf4/ocs-client-console-rhel9:1776404539
- quay/quay-rhel8:1779822261
- odf4/ocs-rhel9-operator:1778049920
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
- RHSA-2026:25194
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Mitigation checklist
- Update the affected package(s) to the fixed version shipped in RHSA-2026:25194 (`sudo dnf update` / `yum update`).
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.