RHSA-2026%3A11331

Risk Scores

Affected Products

Exploit Intelligence

• gRPC-Go RBAC Authorization Policy Bypass via Missing `:path` Slash (Auth Bypass) (github-poc-repo)
• gRPC-Go RBAC Authorization Policy Bypass via Missing `:path` Slash (Auth Bypass) (github-poc-repo)
• gRPC-Go RBAC Authorization Policy Bypass via Missing `:path` Slash (Auth Bypass) (github-poc)
• gRPC-Go RBAC Authorization Policy Bypass via Missing `:path` Slash (Auth Bypass) (github-poc)
• https://access.redhat.com/errata/RHSA-2026:11331 (circl)
• https://access.redhat.com/security/cve/CVE-2025-68121 (circl)
• https://access.redhat.com/security/cve/CVE-2026-25679 (circl)
• https://access.redhat.com/security/cve/CVE-2026-27137 (circl)
• https://access.redhat.com/security/cve/CVE-2026-33186 (circl)
• https://access.redhat.com/security/cve/CVE-2026-33211 (circl)

…and 72 more exploits

Timeline

• Apr 28, 2026 CVE Published
• Apr 28, 2026 Distribution Patch
• Apr 28, 2026 Distribution Patch
• Apr 28, 2026 Security Advisory
• Apr 28, 2026 Security Advisory
• Apr 28, 2026 Security Advisory
• Apr 28, 2026 Security Advisory
• Apr 28, 2026 Security Advisory
• Apr 28, 2026 Security Advisory
• Apr 28, 2026 Security Advisory
• May 8, 2026 CVE Updated

References

• https://access.redhat.com/errata/RHSA-2026:11331 advisory
• https://access.redhat.com/security/cve/CVE-2025-68121 url
• https://access.redhat.com/security/cve/CVE-2026-25679 url
• https://access.redhat.com/security/cve/CVE-2026-27137 url
• https://access.redhat.com/security/cve/CVE-2026-33186 url
• https://access.redhat.com/security/cve/CVE-2026-33211 url
• https://access.redhat.com/security/cve/CVE-2026-33810 url
• https://access.redhat.com/security/updates/classification/ url
• https://docs.redhat.com/en/documentation/builds_for_red_hat_openshift/1.7 url
• https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_11331.json advisory