Authorization bypass due to skipped source-address validation
Summary
Authorization bypass due to skipped source-address validation. Red Hat rates this important (CVSS 7.1). Weakness: CWE-303. Affected package(s): multicluster-engine/addon-manager-rhel9:1782160196, multicluster-engine/registration-operator-rhel9:1782160210, rhelai3/bootc-azure-cuda-rhel9:1782758410, golang1, multicluster-engine/work-rhel9:1782159773, multicluster-engine/kube-rbac-proxy-mce-rhel9:1782477094. Resolved in Red Hat advisory RHSA-2026:23262 — update the affected packages (`sudo dnf update`).
- multicluster-engine/addon-manager-rhel9:1782160196
- multicluster-engine/registration-operator-rhel9:1782160210
- rhelai3/bootc-azure-cuda-rhel9:1782758410
- golang1-25-main-1.25.11-2.hum1
- multicluster-engine/work-rhel9:1782159773
- golang1-26-main-1.26.4-2.hum1
- multicluster-engine/kube-rbac-proxy-mce-rhel9:1782477094
- rhelai3/bootc-cuda-rhel9:1782744816
- rhelai3/bootc-azure-rocm-rhel9:1782754093
- rhelai3/bootc-gcp-cuda-rhel9:1782758409
- rhacm2/multicluster-observability-rhel9-operator:1782382711
- multicluster-engine/registration-rhel9:1782160541
Official advisory · high-confidence parse· fetched 6 hours ago·verify at source
- RHSA-2026:23262
Official advisory · high-confidence parse· fetched 6 hours ago·verify at source
Mitigation checklist
- Update the affected package(s) to the fixed version shipped in RHSA-2026:23262 (`sudo dnf update` / `yum update`).
Official advisory · high-confidence parse· fetched 6 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.