VDB

RHSA-2026%3A25183

RHSA-2026%3A25183 PUBLISHED CVSS 9.100000381469727 CRITICAL

A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.

Risk Scores

CVSS 3.1
9.100000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products

VendorProductVersions
Red Hatregistry.redhat.io/openshift4/rdma-cni-rhel9@sha256:66ff80ec62c5ca9acde62ec1959636c0838a4c3f743fe7fa7ee16cfa73b68ef6_arm64 as a component of Red Hat OpenShift Container Platform 4.18*, *, *
Red Hatregistry.redhat.io/openshift4/ose-cloud-event-proxy-rhel9@sha256:bbc22eb8e3c8b1a8b6e4c4c67a7de7029a663844b4a32d97ce4cb9409c6a7243_ppc64le as a component of Red Hat OpenShift Container Platform 4.18*, *, *
Red Hatregistry.redhat.io/openshift4/ose-clusterresourceoverride-rhel9@sha256:318a0790da610c038878f604984d2097fd343950c7a19be380c0eb93576ce149_amd64 as a component of Red Hat OpenShift Container Platform 4.18*, *, *
Red Hatregistry.redhat.io/openshift4/metallb-rhel9-operator@sha256:a7c7353f650032dca77642c03e019f51d03e0e53833cae3e4a8716e6aa5e3137_amd64 as a component of Red Hat OpenShift Container Platform 4.18*, *, *
Red Hatregistry.redhat.io/openshift4/metallb-rhel9@sha256:99045a0ec0103824cd7b15967ea1a24cbfa22895b8da40fe90cb7eb0b7c64db1_s390x as a component of Red Hat OpenShift Container Platform 4.18*, *, *
Red Hatregistry.redhat.io/openshift4/ose-local-storage-rhel9-operator@sha256:f81893728b3145fd8cf3124c8322152a39a6a6dcecc22c5635f708d70d6441e9_ppc64le as a component of Red Hat OpenShift Container Platform 4.18*, *, *
Red Hatregistry.redhat.io/openshift4/nmstate-console-plugin-rhel9@sha256:8e7193f7c19de6f69e9e8bf1195ff7127f5b457c77982dc0ea82aa9654b41295_amd64 as a component of Red Hat OpenShift Container Platform 4.18*, *, *
Red Hatregistry.redhat.io/openshift4/ptp-must-gather-rhel9@sha256:30105855d24dd4c3416e17eec9266e4caacbeeec9e36cc9e9ae1733af3002c6f_arm64 as a component of Red Hat OpenShift Container Platform 4.18*, *, *
Red Hatregistry.redhat.io/openshift4/ose-csi-livenessprobe-rhel9@sha256:35529853993d22db0e171ead911ad6be43aad6fb7412ad60cc8780dd041eeac6_amd64 as a component of Red Hat OpenShift Container Platform 4.18*, *, *
Red Hatregistry.redhat.io/openshift4/ose-clusterresourceoverride-rhel9@sha256:7d0ee426415366ae01e279d9d37910f512101d0ca3954fada90f7ef41c463623_ppc64le as a component of Red Hat OpenShift Container Platform 4.18*, *, *
Red Hatregistry.redhat.io/openshift4/ose-ptp-rhel9-operator@sha256:0d321b8b7557ac625caf6ad70ca1e67a1aaf7e32bcdf9ec3f11c13e19b87cfab_amd64 as a component of Red Hat OpenShift Container Platform 4.18*, *, *
Red Hatregistry.redhat.io/openshift4/ose-gcp-filestore-csi-driver-rhel9@sha256:b1bdce7ab2da5d78661deb28655869c3ef5b465c84deaed87f1051a9ff80de46_arm64 as a component of Red Hat OpenShift Container Platform 4.18*, *, *
Red Hatregistry.redhat.io/openshift4/ose-secrets-store-csi-mustgather-rhel9@sha256:64ef93e2a8693f00a5583436646d8521c681541e6272d014aad859d667883f8e_amd64 as a component of Red Hat OpenShift Container Platform 4.18*, *, *
Red Hatregistry.redhat.io/openshift4/ose-ansible-rhel9-operator@sha256:03bae849f44c05a66cc12a3e7ec69cf462de8229a81790d0bbed26bf58fb7818_s390x as a component of Red Hat OpenShift Container Platform 4.18*, *, *
Red Hatregistry.redhat.io/openshift4/ose-sriov-network-webhook-rhel9@sha256:555200bcc71ee842a5589e5aeb0b933967fb694b3fe54c5837b827cf05dd520f_arm64 as a component of Red Hat OpenShift Container Platform 4.18*, *, *
Red Hatregistry.redhat.io/openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:ce32166f81967cc551375285d9659c4511888a843e825165e53264bda6d29735_ppc64le as a component of Red Hat OpenShift Container Platform 4.18*, *, *
Red Hatregistry.redhat.io/openshift4/kubernetes-nmstate-rhel9-operator@sha256:36282ae55143491dd562a82d206bc2e9ea8d4f5efefe3197451f1c539ad7f7f5_ppc64le as a component of Red Hat OpenShift Container Platform 4.18*, *, *
Red Hatregistry.redhat.io/openshift4/ose-operator-sdk-rhel9@sha256:df25d8f43c3c350e69df77cfc30a3bd7305ed33640cf75c902bc6042d78119b6_s390x as a component of Red Hat OpenShift Container Platform 4.18*, *, *
Red Hatregistry.redhat.io/openshift4/ose-dpu-cni-rhel9@sha256:05c6827b78a5be71ae14dbd308cad44b474fd45396a0a275070615123845dc83_amd64 as a component of Red Hat OpenShift Container Platform 4.18*, *, *
Red Hatregistry.redhat.io/openshift4/ose-sriov-dp-admission-controller-rhel9@sha256:51b605ad52f3f2e716c3cbe0f1b39657713ef1f908ec3fa96f6ef9bcd06929fd_arm64 as a component of Red Hat OpenShift Container Platform 4.18*, *, *

…and 186 more

Timeline

  • Jun 17, 2026 CVE Published
  • Jun 17, 2026 Distribution Patch
  • Jun 17, 2026 Distribution Patch
  • Jun 17, 2026 Security Advisory
  • Jun 17, 2026 Security Advisory
  • Jul 15, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›