VDB

RHSA-2026%3A22388

RHSA-2026%3A22388 PUBLISHED CVSS 8.100000381469727 HIGH

A flaw was found in NGINX, specifically within the ngx_http_rewrite_module. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests under specific rewrite configurations. This can lead to a heap buffer overflow in the NGINX worker process, which may result in arbitrary code execution if Address Space Layout Randomization (ASLR), a security technique to prevent exploitation, is disabled. Otherwise, this flaw causes a denial of service due to a restart of the NGINX worker process.

Risk Scores

CVSS 3.1
8.100000381469727
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Red Hatregistry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:f45c90a65cc1932f7d9b180d62394ff194566f22feba29c8656e5f87faae66a3_ppc64le as a component of Red Hat Openshift Data Foundation 4.18*
Red Hatregistry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:59dccfe50a1b819f7c494c11137e03223e8b9c3ba2194cceeda10d8bbbfaf6a4_ppc64le as a component of Red Hat Openshift Data Foundation 4.18*
Red Hatregistry.redhat.io/odf4/ocs-client-console-rhel9@sha256:94716f2159fa51e879398c82f8818416c6341fe61e732b7b91267b7c37a98e33_ppc64le as a component of Red Hat Openshift Data Foundation 4.18*
Red Hatregistry.redhat.io/odf4/odf-rhel9-operator@sha256:7ad3e612562873fb6cd87277eebee14152819e5f5d13878b787d5822adf98b5b_arm64 as a component of Red Hat Openshift Data Foundation 4.18*
Red Hatregistry.redhat.io/odf4/mcg-rhel9-operator@sha256:888cc9d7770249951b3408fb027cc7b3037c021238aa4bf8e197aa8da17bd743_ppc64le as a component of Red Hat Openshift Data Foundation 4.18*
Red Hatregistry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d1ab93e29f6b0be17fd1c48a18d40fd7bcb5e660762372a592b24f8c3d95f74e_s390x as a component of Red Hat Openshift Data Foundation 4.18*
Red Hatregistry.redhat.io/odf4/mcg-operator-bundle@sha256:0aeeeedc4c55d67f19805f0b2623c77b005995b370dbe48580dd54f12a4d7558_amd64 as a component of Red Hat Openshift Data Foundation 4.18*
Red Hatregistry.redhat.io/odf4/odr-rhel9-operator@sha256:6a66b7bd50cb1fbb106deb2e2962c251a0c0ea66ffd272b7000c965f23065cf5_s390x as a component of Red Hat Openshift Data Foundation 4.18*
Red Hatregistry.redhat.io/odf4/ocs-operator-bundle@sha256:fa80c80ffaa4340822dc7d96488d2c89cd72318c431717d05fab8c5f086ce242_amd64 as a component of Red Hat Openshift Data Foundation 4.18*
Red Hatregistry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:5fa090d9f40fa601075596bc662c8ba81867828d75d676d59c631a1a1d11a359_amd64 as a component of Red Hat Openshift Data Foundation 4.18*
Red Hatregistry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:c1aed7972f5c366ce2aa64c242eab7fce26850f38a60ee09bf3534d6a1a225d0_s390x as a component of Red Hat Openshift Data Foundation 4.18*
Red Hatregistry.redhat.io/odf4/odf-must-gather-rhel9@sha256:6c30b3fc1f0ff55bc104cb25bf3c12d6f7596426587ca16c08e998572e7a53b5_s390x as a component of Red Hat Openshift Data Foundation 4.18*
Red Hatregistry.redhat.io/odf4/odr-rhel9-operator@sha256:205593aa595338dcd49c1958540ef623f29d4fe7267d884cbc04e6fb2cce4717_ppc64le as a component of Red Hat Openshift Data Foundation 4.18*
Red Hatregistry.redhat.io/odf4/mcg-rhel9-operator@sha256:a5d31b1d8168118b6796362c2d0faeb7e5ccd827a4cfed6bbad12e9f06ac1dd2_arm64 as a component of Red Hat Openshift Data Foundation 4.18*
Red Hatregistry.redhat.io/odf4/ocs-rhel9-operator@sha256:a3c813daa6265810afa97542056c16d6c044d4f429e331fe0d7bc37e45729055_amd64 as a component of Red Hat Openshift Data Foundation 4.18*
Red Hatregistry.redhat.io/odf4/odf-console-rhel9@sha256:9b69ec5063534a53efd936455f15c8e26f92e3abffa92fd15bb473c6997f4a8b_s390x as a component of Red Hat Openshift Data Foundation 4.18*
Red Hatregistry.redhat.io/odf4/odf-rhel9-operator@sha256:c6bf22380fa04d9297b6280ede61d7105ed767bd1724d50bf040308a17e80176_amd64 as a component of Red Hat Openshift Data Foundation 4.18*
Red Hatregistry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:27db3ef223c48dab546bcee1a4b4682b4bf374965a44f4c7c69faaa007fee72f_s390x as a component of Red Hat Openshift Data Foundation 4.18*
Red Hatregistry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:d228b7b55d2400a036827caa480c1ba34a00eca2ff7411e714dedc27592df53e_amd64 as a component of Red Hat Openshift Data Foundation 4.18*
Red Hatregistry.redhat.io/odf4/odf-rhel9-operator@sha256:468a2de4fa1eeed31f632d725ac7a1865ecab19f2e9a7997d1ccb95edb0197da_s390x as a component of Red Hat Openshift Data Foundation 4.18*

…and 61 more

Timeline

  • Jun 2, 2026 CVE Published
  • Jun 23, 2026 CVE Updated
  • Jun 23, 2026 Distribution Patch
  • Jun 23, 2026 Distribution Patch
  • Jun 23, 2026 Security Advisory
  • Jun 23, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›