VDB

RHSA-2026%3A14775

RHSA-2026%3A14775 PUBLISHED CVSS 9.100000381469727 CRITICAL

A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.

Risk Scores

CVSS 3.1
9.100000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products

VendorProductVersions
Red Hatregistry.redhat.io/openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:6c3605543dacd227ee1db6edb486707bce9680b12f02cb3ae171aa0b96a6bd62_ppc64le as a component of Red Hat OpenShift Container Platform 4.15*, *, *
Red Hatregistry.redhat.io/openshift4/ingress-node-firewall-rhel9@sha256:aab9c8ef47d1e7fd1aa22add79a054d2a346447696d1e06a4863718ea2b727c6_amd64 as a component of Red Hat OpenShift Container Platform 4.15*, *, *
Red Hatregistry.redhat.io/openshift4/ingress-node-firewall-rhel9@sha256:51831cdc6ef63fda135cd70c4bc62c156a0b7ca74ef1362fb185d1724561aa6f_s390x as a component of Red Hat OpenShift Container Platform 4.15*, *, *
Red Hatregistry.redhat.io/openshift4/ingress-node-firewall-rhel9-operator@sha256:d06946df9ff9d46bc81ced4be0b3ab0ba9ecbfc33d0ccc7d66dcabc541877968_amd64 as a component of Red Hat OpenShift Container Platform 4.15*, *, *
Red Hatregistry.redhat.io/openshift4/ose-baremetal-cluster-api-controllers-rhel9@sha256:b3b04515ca5278b2170d379964be00ad06683d9bf480a76833119e54793f2160_ppc64le as a component of Red Hat OpenShift Container Platform 4.15*, *, *
Red Hatregistry.redhat.io/openshift4/ose-sriov-infiniband-cni-rhel9@sha256:b747df733aebd6c5e1fad3601fd3f63a439e1ccd37ef0466a5695b0d5cea2812_ppc64le as a component of Red Hat OpenShift Container Platform 4.15*, *, *
Red Hatregistry.redhat.io/openshift4/ose-ptp-rhel9-operator@sha256:188b0c74026073c1982ac4e470d8cdf61c5f18e418fe39c644099e2f84699817_arm64 as a component of Red Hat OpenShift Container Platform 4.15*, *, *
Red Hatregistry.redhat.io/openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:d8e5e61e5afdbb9f550fb0a068b57948947151fc61369efc9a950d35cc0637dd_arm64 as a component of Red Hat OpenShift Container Platform 4.15*, *, *
Red Hatregistry.redhat.io/openshift4/ose-egress-dns-proxy@sha256:47065087b4f1a8dfae1dd426a26e44a505dafbfa1e4cf8741dbd5bfedc2d23da_amd64 as a component of Red Hat OpenShift Container Platform 4.15*, *, *
Red Hatregistry.redhat.io/openshift4/metallb-rhel9-operator@sha256:11afd173704d838825ff151117d2e85048e8a2856e2a87c21709f3ec960f0e8f_s390x as a component of Red Hat OpenShift Container Platform 4.15*, *, *
Red Hatregistry.redhat.io/openshift4/ose-sriov-network-webhook-rhel9@sha256:5f45987e03ee4bb554e5b3d5ec1b808f178de4f011ffd74b367df429d8f975e4_amd64 as a component of Red Hat OpenShift Container Platform 4.15*, *, *
Red Hatregistry.redhat.io/openshift4/sriov-cni-rhel9@sha256:1c8098fdfc4c9c28d472fb63d922f5331df1a4e1d5977295c7ab208f6a5b0e01_ppc64le as a component of Red Hat OpenShift Container Platform 4.15*, *, *
Red Hatregistry.redhat.io/openshift4/ose-cluster-capacity@sha256:32fb0b26f0765527562b3f08741547fbf9d6118e12e5775e767e811dfb283507_ppc64le as a component of Red Hat OpenShift Container Platform 4.15*, *, *
Red Hatregistry.redhat.io/openshift4/ose-local-storage-rhel9-operator@sha256:1cc137f0b07e4f4221da18bc20810273cae2e7e2360700646c8c10e2d2e8d533_ppc64le as a component of Red Hat OpenShift Container Platform 4.15*, *, *
Red Hatregistry.redhat.io/openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:9be2cc40367502f846d80e762404bd3eb1e2195dd096dfb435a0af80173dadce_ppc64le as a component of Red Hat OpenShift Container Platform 4.15*, *, *
Red Hatregistry.redhat.io/openshift4/ose-clusterresourceoverride-rhel9@sha256:b139a97bd12890f03e7b0040e54e525bcaf54b4fc76e64c4a4df1ca1fb300b83_ppc64le as a component of Red Hat OpenShift Container Platform 4.15*, *, *
Red Hatregistry.redhat.io/openshift4/ose-baremetal-cluster-api-controllers-rhel9@sha256:503493ec18e19701c35e5b3e4478ce514ec64567d081dd0a5c73bdd9f74bc0a7_amd64 as a component of Red Hat OpenShift Container Platform 4.15*, *, *
Red Hatregistry.redhat.io/openshift4/ose-operator-sdk-rhel8@sha256:98ddacac8c30bd70aa2fa55a9351b2986ecd66267cd7e3ba1a98c9f0d20a7053_arm64 as a component of Red Hat OpenShift Container Platform 4.15*, *, *
Red Hatregistry.redhat.io/openshift4/ose-sriov-network-rhel9-operator@sha256:740f5a8917483864b73b160137b7c0da1a61efa44785790ca1d2891ca261ee17_amd64 as a component of Red Hat OpenShift Container Platform 4.15*, *, *
Red Hatregistry.redhat.io/openshift4/ose-local-storage-rhel9-operator@sha256:c01521752f051079fbfe4d0c65a640bd0e2beaba8c4232007695652622869223_amd64 as a component of Red Hat OpenShift Container Platform 4.15*, *, *

…and 147 more

Timeline

  • May 13, 2026 CVE Published
  • May 15, 2026 Distribution Patch
  • May 15, 2026 Distribution Patch
  • May 15, 2026 Security Advisory
  • May 15, 2026 Security Advisory
  • Jul 15, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›