VDB
RHSA-2026%3A26997
RHSA-2026%3A26997
PUBLISHED
CVSS 9.100000381469727 CRITICAL
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
Risk Scores
CVSS 3.1
9.100000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | kernel-tools-debuginfo-0:5.14.0-427.132.1.el9_4.s390x as a component of Red Hat OpenShift Container Platform 4.18 | 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9 |
| Red Hat | kernel-modules-0:5.14.0-427.132.1.el9_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.18 | 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9 |
| Red Hat | kernel-debug-modules-partner-0:5.14.0-427.132.1.el9_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.18 | 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9 |
| Red Hat | kernel-rt-devel-matched-0:5.14.0-427.132.1.el9_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.18 | 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9 |
| Red Hat | kernel-debug-modules-core-0:5.14.0-427.132.1.el9_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.18 | 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9 |
| Red Hat | kernel-tools-libs-0:5.14.0-427.132.1.el9_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.18 | 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9 |
| Red Hat | kernel-modules-internal-0:5.14.0-427.132.1.el9_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.18 | 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9 |
| Red Hat | kernel-debug-modules-0:5.14.0-427.132.1.el9_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.18 | 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9 |
| Red Hat | kernel-0:5.14.0-427.132.1.el9_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.18 | 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9 |
| Red Hat | kernel-tools-libs-0:5.14.0-427.132.1.el9_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.18 | 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9 |
| Red Hat | kernel-debug-modules-0:5.14.0-427.132.1.el9_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.18 | 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9 |
| Red Hat | kernel-debug-modules-extra-0:5.14.0-427.132.1.el9_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.18 | 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9 |
| Red Hat | kernel-64k-devel-matched-0:5.14.0-427.132.1.el9_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.18 | 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9 |
| Red Hat | kernel-64k-0:5.14.0-427.132.1.el9_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.18 | 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9 |
| Red Hat | kernel-0:5.14.0-427.132.1.el9_4.src as a component of Red Hat OpenShift Container Platform 4.18 | 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9 |
| Red Hat | kernel-tools-0:5.14.0-427.132.1.el9_4.s390x as a component of Red Hat OpenShift Container Platform 4.18 | 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9 |
| Red Hat | kernel-debug-uki-virt-0:5.14.0-427.132.1.el9_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.18 | 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9 |
| Red Hat | kernel-debug-core-0:5.14.0-427.132.1.el9_4.s390x as a component of Red Hat OpenShift Container Platform 4.18 | 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9 |
| Red Hat | kernel-64k-modules-0:5.14.0-427.132.1.el9_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.18 | 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9 |
| Red Hat | python3-perf-0:5.14.0-427.132.1.el9_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.18 | 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9 |
…and 186 more
Timeline
- Jun 24, 2026 CVE Published
- Jun 26, 2026 Distribution Patch
- Jun 26, 2026 Distribution Patch
- Jun 26, 2026 Security Advisory
- Jun 26, 2026 Security Advisory
- Jul 3, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2026:26997 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2449833 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_26997.json advisory
- https://access.redhat.com/security/cve/CVE-2026-33186 advisory
- https://www.cve.org/CVERecord?id=CVE-2026-33186 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-33186 advisory
- https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 advisory