Risk Scores
CVSS v3.1
8.100000381469727
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Submariner v0.22 security fixes and container |
Timeline
- Apr 15, 2026 CVE Published
- Apr 15, 2026 Distribution Patch
=========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2026.3701 Submariner v0.22 security fixes and container updates 15 April 2026 =========================================================================== AUSCERT Security Bulletin Summary --------------------------------- Product: Submariner v0.22 security fixes and container Publisher: Red Hat Operating System: Red Hat Resolution: Patch/Upgrade CVE Names: CVE-2025-61726 CVE-2025-61728 CVE-2026-33186 CVE-2025-68121 CVE-2026-21441 CVE-2025-68151 CVE-2026-25679 CVE-2026-26017 CVE-2026-26018 CVE-2026-27137 CVE-2025-61729 Original Bulletin: https://access.redhat.com/errata/RHSA-2026:8151 Comment: CVSS (Max): 8.1 CVE-2026-33186 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N) CVSS Source: Red Hat Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N EPSS (Max): 0.1% (34th) CVE-2025-68151 2026-04-14 - --------------------------BEGIN INCLUDED TEXT-------------------- RHSA-2026:8151 - Security Advisory Issued: 2026-04-14 Updated: 2026-04-14 Synopsis Submariner v0.22 security fixes and container updates Type/Severity Security Advisory: Important Topic Submariner v0.22 General Availability release images, which provide enhancements, security fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat Advanced Cluster Management for Kubernetes v2.15 Description Submariner is a Kubernetes operator that enables cross-cluster connectivity for services and pods, implementing KEP-1645 (Multi-Cluster Services API). After deploying the Submariner operator, it can enable direct networking between pods and services across different Kubernetes clusters. For more information about Submariner, see the Submariner open source community website at: https://submariner.io/. Solution For release note details, see the upstream Submariner release notes: https://submariner.io/community/releases/ Downstream-specific issues resolved: o ACM-28330 o ACM-28332 o ACM-28334 o ACM-28336 o ACM-28338 o ACM-28340 o ACM-28343 o ACM-29328 o ACM-29512 o ACM-29661 o ACM-29662 o ACM-29681 o ACM-29682 o ACM-29683 o ACM-29684 o ACM-29777 o ACM-29801 o ACM-30135 o ACM-30730 o ACM-30731 o ACM-31135 o ACM-31137 o ACM-31861 o ACM-31872 o ACM-31874 o ACM-23783 o ACM-24731 o ACM-24797 o ACM-25518 o ACM-26321 o ACM-26965 o ACM-27273 o ACM-28917 o ACM-30321 o ACM-30640 o ACM-30970 o ACM-8640 For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation: https://docs.redhat.com/documentation/en-us/ red_hat_advanced_cluster_management_for_kubernetes/2.15/ Fixes o ACM-23783 - Submariner Gateway: Add support for IPv6 VxLAN tunnels. o ACM-24797 - Connection status between two clusters goes from Connected to Connecting from both directions o ACM-25518 - Update the Submariner documentation to include OVN Ipsec Support. o ACM-26321 - Cannot create new LoadBalancer Service types on AWS after installing Submariner o ACM-26965 - Following submariner migration to nftables, orphaned iptables rules are not being deleted. o ACM-27273 - Not able to build submariner components for IBM Power and Z o ACM-30321 - "subctl cloud prepare aws" creates machine that will not be provisioned as node o ACM-30640 - Submariner does not establish connections in AWS o ACM-30970 - Add in prequsites section : Avoid port 4500 for openstack o ACM-8640 - Submariner: add Nftables support CVEs o CVE-2025-61726 o CVE-2025-61728 o CVE-2025-61729 o CVE-2025-68121 o CVE-2025-68151 o CVE-2026-21441 o CVE-2026-25679 o CVE-2026-26017 o CVE-2026-26018 o CVE-2026-27137 o CVE-2026-33186 References o https://access.redhat.com/security/updates/classification/ - --------------------------END INCLUDED TEXT---------------------- You have received this e-mail bulletin as a result of your organisation's registration with AUSCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AUSCERT's members. As AUSCERT did not write the document quoted above, AUSCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AUSCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://portal.auscert.org.au/bulletins/ =========================================================================== AUSCERT The University of Queensland, Brisbane QLD 4072 Australia e: auscert@auscert.org.au t: +61 (0)7 3365 4417 Allies in Cyber Security ===========================================================================
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Submariner v0.22 security fixes and container |