VDB

RHSA-2026%3A22689

RHSA-2026%3A22689 PUBLISHED CVSS 7.5 HIGH

A flaw was found in kin-openapi. This vulnerability allows excessive memory consumption via upload of a crafted ZIP file (a "ZIP bomb").

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Red Hatregistry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:6f8ad1c7816c085afe63afc086f23e7651865c8397aea1c9ff59d0b3990b8646_s390x as a component of multicluster engine for Kubernetes 2.8*, *, *
Red Hatregistry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:6c2148a6a037f97f1cb2bb57b0d7e791dd027e04a55c8519015ae066a27c2cf4_amd64 as a component of multicluster engine for Kubernetes 2.8*, *, *
Red Hatregistry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:44ad772241a2bdf7b22e391abe0ac82beeb5f69d4f2d3230607009e0b1a35cef_s390x as a component of multicluster engine for Kubernetes 2.8*, *, *
Red Hatregistry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:ecc06b5309b9d426c6e8702f5e5e56d5335e3647095b7ca152ee57aadf0ed874_amd64 as a component of multicluster engine for Kubernetes 2.8*, *, *
Red Hatregistry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:81aa07fa1a1eb08d66d2fa2bb76b06c21fee7a37de45180c976ebe564f69b28a_ppc64le as a component of multicluster engine for Kubernetes 2.8*, *, *
Red Hatregistry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:2ecab1cef8696f2c0e400e25b9d45d32cd198a3e168b4534fcbb3c46b0327363_arm64 as a component of multicluster engine for Kubernetes 2.8*, *, *
Red Hatregistry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:68e56d8b9e2715117e3dd89abfc9d7220a45fda0965086abcda4c1ad2b00fa36_amd64 as a component of multicluster engine for Kubernetes 2.8*, *, *
Red Hatregistry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:785ed1b58358014fc49b30872dfa27382773da3c38d2031695132cb59a1f8c73_ppc64le as a component of multicluster engine for Kubernetes 2.8*, *, *
Red Hatregistry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:cfcf71f40ad66d8c16d108109abc23a12020a6ee02ca4cdf058e29ce0c5a0ea3_amd64 as a component of multicluster engine for Kubernetes 2.8*, *, *
Red Hatregistry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:0143ee81f30ed9b6f656e1fbab78dbd4b914984f98e9107ae571f018b624503b_ppc64le as a component of multicluster engine for Kubernetes 2.8*, *, *
Red Hatregistry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:8386d98f9678df55c55572d30d222a3213384a68a62c2ae31a874b8f856defdf_amd64 as a component of multicluster engine for Kubernetes 2.8*, *, *
Red Hatregistry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:f401146b51e99537f38a4c86bd74cbd9c5651d7763dff41687e3170823612018_s390x as a component of multicluster engine for Kubernetes 2.8*, *, *
Red Hatregistry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:07da3babe8c8dace85d419ecb6d7fdd94a5b261139932531f99b7b0c6e24e6c6_ppc64le as a component of multicluster engine for Kubernetes 2.8*, *, *
Red Hatregistry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:fa0b4aa1820680d60cb408dc45a8cc0ecd0843c4196a69548b6afb226060db21_s390x as a component of multicluster engine for Kubernetes 2.8*, *, *
Red Hatregistry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:747606aa5c88f6c4a444b0eb526f6a600f8a2a514a7b7c8988ec4f161d925936_arm64 as a component of multicluster engine for Kubernetes 2.8*, *, *
Red Hatregistry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:8cdabccc29e206490c69aeb2ce0e0e0211067fd2dc124f2c9593c456e313249d_arm64 as a component of multicluster engine for Kubernetes 2.8*, *, *
Red Hatregistry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:1dd2991d68ecc5ac62e2e57ae44f3a8181e23c82be9307f445b7b4579accb984_s390x as a component of multicluster engine for Kubernetes 2.8*, *, *
Red Hatregistry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:24bf8efae0cc2002e4475b2f228e75b39a3146923a3c5c33a0750a8d69a5c7d1_amd64 as a component of multicluster engine for Kubernetes 2.8*, *, *
Red Hatregistry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:5cb7e29a813c814150b2fccbd067b33666aba266c259bba576dfe2f3b7a73dbe_ppc64le as a component of multicluster engine for Kubernetes 2.8*, *, *
Red Hatregistry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:f2adca072912dc7faacee6eda7be79425302b60dc3560fe50a40e5e64f940160_amd64 as a component of multicluster engine for Kubernetes 2.8*, *, *

…and 91 more

Timeline

  • Jun 2, 2026 CVE Published
  • Jun 3, 2026 Distribution Patch
  • Jun 3, 2026 Distribution Patch
  • Jun 3, 2026 Security Advisory
  • Jun 3, 2026 Security Advisory
  • Jun 3, 2026 Security Advisory
  • Jul 15, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›