VDB
RHSA-2026%3A2256
RHSA-2026%3A2256
PUBLISHED
CVSS 8.699999809265137 HIGH
A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.
Risk Scores
CVSS 3.1
8.699999809265137
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3d278f0a951bace167aede4fe297422c5acecf9d3a9a8b9f7afa71a610983d0a_amd64 as a component of Multicluster Global Hub 1.5.4 | registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3d278f0a951bace167aede4fe297422c5acecf9d3a9a8b9f7afa71a610983d0a_amd64, registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3d278f0a951bace167aede4fe297422c5acecf9d3a9a8b9f7afa71a610983d0a_amd64, registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3d278f0a951bace167aede4fe297422c5acecf9d3a9a8b9f7afa71a610983d0a_amd64 |
| Red Hat | registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b6efb2a533db272b844688e44d6af15f271a00053c1515496b091e4b6909e850_arm64 as a component of Multicluster Global Hub 1.5.4 | registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b6efb2a533db272b844688e44d6af15f271a00053c1515496b091e4b6909e850_arm64, *, * |
| Red Hat | registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c360b6c6f742fb8099e1155dbcca719493084968c00506eda2e251d7706c4dff_amd64 as a component of Multicluster Global Hub 1.5.4 | registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c360b6c6f742fb8099e1155dbcca719493084968c00506eda2e251d7706c4dff_amd64, *, * |
| Red Hat | registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:690e7fb759c6be1e04f7a0aad07bf9a0eee936a2366fc1ad3ba9dafe7ef8b9cd_amd64 as a component of Multicluster Global Hub 1.5.4 | registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:690e7fb759c6be1e04f7a0aad07bf9a0eee936a2366fc1ad3ba9dafe7ef8b9cd_amd64, registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:690e7fb759c6be1e04f7a0aad07bf9a0eee936a2366fc1ad3ba9dafe7ef8b9cd_amd64, registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:690e7fb759c6be1e04f7a0aad07bf9a0eee936a2366fc1ad3ba9dafe7ef8b9cd_amd64 |
| Red Hat | registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3f81ee9fd7755e0bedf48d3c7afd3ccf8f4fb6b338133efd1360e65a5a90c386_amd64 as a component of Multicluster Global Hub 1.5.4 | registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3f81ee9fd7755e0bedf48d3c7afd3ccf8f4fb6b338133efd1360e65a5a90c386_amd64, registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3f81ee9fd7755e0bedf48d3c7afd3ccf8f4fb6b338133efd1360e65a5a90c386_amd64, registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3f81ee9fd7755e0bedf48d3c7afd3ccf8f4fb6b338133efd1360e65a5a90c386_amd64 |
| Red Hat | registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:bbe544ff9335b6d8b9900d3153e3b935173b0f6c0a0a462a4f3db3143fa62d5b_s390x as a component of Multicluster Global Hub 1.5.4 | *, registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:bbe544ff9335b6d8b9900d3153e3b935173b0f6c0a0a462a4f3db3143fa62d5b_s390x, registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:bbe544ff9335b6d8b9900d3153e3b935173b0f6c0a0a462a4f3db3143fa62d5b_s390x |
| Red Hat | registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:65e1e93c8ea20fe257ac85c371404df1b13c1966e07b0b5d605ae30ef0cec42f_arm64 as a component of Multicluster Global Hub 1.5.4 | registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:65e1e93c8ea20fe257ac85c371404df1b13c1966e07b0b5d605ae30ef0cec42f_arm64, registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:65e1e93c8ea20fe257ac85c371404df1b13c1966e07b0b5d605ae30ef0cec42f_arm64, registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:65e1e93c8ea20fe257ac85c371404df1b13c1966e07b0b5d605ae30ef0cec42f_arm64 |
| Red Hat | registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3f81ee9fd7755e0bedf48d3c7afd3ccf8f4fb6b338133efd1360e65a5a90c386_amd64 as a component of Multicluster Global Hub 1.5.4 | registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3f81ee9fd7755e0bedf48d3c7afd3ccf8f4fb6b338133efd1360e65a5a90c386_amd64, *, registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:3f81ee9fd7755e0bedf48d3c7afd3ccf8f4fb6b338133efd1360e65a5a90c386_amd64 |
| Red Hat | registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:dc828bf3a86cb0680173e896579f7bd411a0e4f0962ab0ed9903e69c65c13a26_ppc64le as a component of Multicluster Global Hub 1.5.4 | registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:dc828bf3a86cb0680173e896579f7bd411a0e4f0962ab0ed9903e69c65c13a26_ppc64le, registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:dc828bf3a86cb0680173e896579f7bd411a0e4f0962ab0ed9903e69c65c13a26_ppc64le, registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:dc828bf3a86cb0680173e896579f7bd411a0e4f0962ab0ed9903e69c65c13a26_ppc64le |
| Red Hat | registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dcbdff150742e549f0bce567bfbd117c0c63c49ea6817f67109833b1e94ef0c3_ppc64le as a component of Multicluster Global Hub 1.5.4 | *, *, * |
| Red Hat | registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c9f875963c8f28eba52965eaf1fbddecdc57e076d117f283f7e3fe91eee5fb5c_ppc64le as a component of Multicluster Global Hub 1.5.4 | *, *, registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c9f875963c8f28eba52965eaf1fbddecdc57e076d117f283f7e3fe91eee5fb5c_ppc64le |
| Red Hat | registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:868a8557d8781e1c69748b98da394af9612d0880220fff1d693377cf833be711_arm64 as a component of Multicluster Global Hub 1.5.4 | *, *, * |
| Red Hat | Multicluster Global Hub | |
| Red Hat | registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fd8ad9e8f5e1eee77c9b7410d14f5ee01f38bee09935065a2b7d33c39c844e3b_s390x as a component of Multicluster Global Hub 1.5.4 | |
| Red Hat | registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bedf96d186a5ad327b07ad886ee71351d4c98d47642cb44a29dc15ce8e20ed16_arm64 as a component of Multicluster Global Hub 1.5.4 | *, *, registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bedf96d186a5ad327b07ad886ee71351d4c98d47642cb44a29dc15ce8e20ed16_arm64 |
| Red Hat | registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:a6d74a6341b8333885d75f5b51fa5998017d10833876c6a09dfec72d8d5e672c_amd64 as a component of Multicluster Global Hub 1.5.4 | registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:a6d74a6341b8333885d75f5b51fa5998017d10833876c6a09dfec72d8d5e672c_amd64, registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:a6d74a6341b8333885d75f5b51fa5998017d10833876c6a09dfec72d8d5e672c_amd64, * |
| Red Hat | registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1f5bd44374885ad72d52fe069a09b2270f42da2e29fb688357a637b9dd1893aa_arm64 as a component of Multicluster Global Hub 1.5.4 | registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1f5bd44374885ad72d52fe069a09b2270f42da2e29fb688357a637b9dd1893aa_arm64, registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1f5bd44374885ad72d52fe069a09b2270f42da2e29fb688357a637b9dd1893aa_arm64, registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1f5bd44374885ad72d52fe069a09b2270f42da2e29fb688357a637b9dd1893aa_arm64 |
| Red Hat | registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:868a8557d8781e1c69748b98da394af9612d0880220fff1d693377cf833be711_arm64 as a component of Multicluster Global Hub 1.5.4 | *, *, registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:868a8557d8781e1c69748b98da394af9612d0880220fff1d693377cf833be711_arm64 |
| Red Hat | registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:bbe544ff9335b6d8b9900d3153e3b935173b0f6c0a0a462a4f3db3143fa62d5b_s390x as a component of Multicluster Global Hub 1.5.4 | *, registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:bbe544ff9335b6d8b9900d3153e3b935173b0f6c0a0a462a4f3db3143fa62d5b_s390x, registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:bbe544ff9335b6d8b9900d3153e3b935173b0f6c0a0a462a4f3db3143fa62d5b_s390x |
| Red Hat | registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39f4686f26cc8bec840f6c77088935e05d8e822be15f63f55d1de58e0ff9cdcc_s390x as a component of Multicluster Global Hub 1.5.4 | *, *, * |
…and 25 more
Exploit Intelligence
- pnpm-workspace.yaml (github-poc)
- seen_cves.json (github-poc)
- sarif.json (github-poc)
- pem_10.3.1_rel_notes.yml (github-poc)
- CVE-2026-2391.yml (github-poc)
- .trivyignore.yml (github-poc)
- 4628.1.0.yml (github-poc)
- 2-cuda12.6.yaml (github-poc)
- 2.yaml (github-poc)
- converter.go (github-poc)
…and 12 more exploits
Timeline
- Feb 9, 2026 CVE Published
- Apr 24, 2026 Distribution Patch
- Apr 24, 2026 Distribution Patch
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Jun 22, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2026:2256 advisory
- https://access.redhat.com/security/cve/CVE-2025-12816 advisory
- https://access.redhat.com/security/cve/CVE-2025-15284 advisory
- https://access.redhat.com/security/cve/CVE-2025-66418 advisory
- https://access.redhat.com/security/cve/CVE-2025-66471 advisory
- https://access.redhat.com/security/cve/CVE-2025-68429 advisory
- https://access.redhat.com/security/cve/CVE-2026-21441 advisory
- https://access.redhat.com/security/updates/classification/ advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2256.json advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2417097 issue
- https://www.cve.org/CVERecord?id=CVE-2025-12816 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-12816 advisory
- https://github.com/digitalbazaar/forge advisory
- https://github.com/digitalbazaar/forge/pull/1124 advisory
- https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq advisory
- https://kb.cert.org/vuls/id/521113 advisory
- https://www.npmjs.com/package/node-forge advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2425946 issue
- https://www.cve.org/CVERecord?id=CVE-2025-15284 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-15284 advisory
…and 22 more