VDB

RHSA-2026%3A26997

RHSA-2026%3A26997 PUBLISHED CVSS 9.100000381469727 CRITICAL

A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.

Risk Scores

CVSS 3.1
9.100000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products

VendorProductVersions
Red Hatkernel-tools-debuginfo-0:5.14.0-427.132.1.el9_4.s390x as a component of Red Hat OpenShift Container Platform 4.185.14.0-427.132.1.el9, 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9
Red Hatkernel-modules-0:5.14.0-427.132.1.el9_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.185.14.0-427.132.1.el9, 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9
Red Hatkernel-debug-modules-partner-0:5.14.0-427.132.1.el9_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.185.14.0-427.132.1.el9, 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9
Red Hatkernel-rt-devel-matched-0:5.14.0-427.132.1.el9_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.185.14.0-427.132.1.el9, 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9
Red Hatkernel-debug-modules-core-0:5.14.0-427.132.1.el9_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.185.14.0-427.132.1.el9, 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9
Red Hatkernel-tools-libs-0:5.14.0-427.132.1.el9_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.185.14.0-427.132.1.el9, 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9
Red Hatkernel-modules-internal-0:5.14.0-427.132.1.el9_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.185.14.0-427.132.1.el9, 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9
Red Hatkernel-debug-modules-0:5.14.0-427.132.1.el9_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.185.14.0-427.132.1.el9, 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9
Red Hatkernel-0:5.14.0-427.132.1.el9_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.185.14.0-427.132.1.el9, 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9
Red Hatkernel-tools-libs-0:5.14.0-427.132.1.el9_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.185.14.0-427.132.1.el9, 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9
Red Hatkernel-debug-modules-0:5.14.0-427.132.1.el9_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.185.14.0-427.132.1.el9, 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9
Red Hatkernel-debug-modules-extra-0:5.14.0-427.132.1.el9_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.185.14.0-427.132.1.el9, 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9
Red Hatkernel-64k-devel-matched-0:5.14.0-427.132.1.el9_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.185.14.0-427.132.1.el9, 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9
Red Hatkernel-64k-0:5.14.0-427.132.1.el9_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.185.14.0-427.132.1.el9, 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9
Red Hatkernel-0:5.14.0-427.132.1.el9_4.src as a component of Red Hat OpenShift Container Platform 4.185.14.0-427.132.1.el9, 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9
Red Hatkernel-tools-0:5.14.0-427.132.1.el9_4.s390x as a component of Red Hat OpenShift Container Platform 4.185.14.0-427.132.1.el9, 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9
Red Hatkernel-debug-uki-virt-0:5.14.0-427.132.1.el9_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.185.14.0-427.132.1.el9, 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9
Red Hatkernel-debug-core-0:5.14.0-427.132.1.el9_4.s390x as a component of Red Hat OpenShift Container Platform 4.185.14.0-427.132.1.el9, 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9
Red Hatkernel-64k-modules-0:5.14.0-427.132.1.el9_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.185.14.0-427.132.1.el9, 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9
Red Hatpython3-perf-0:5.14.0-427.132.1.el9_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.185.14.0-427.132.1.el9, 5.14.0-427.132.1.el9, 5.14.0-427.132.1.el9

…and 186 more

Timeline

  • Jun 24, 2026 CVE Published
  • Jun 26, 2026 Distribution Patch
  • Jun 26, 2026 Distribution Patch
  • Jun 26, 2026 Security Advisory
  • Jun 26, 2026 Security Advisory
  • Jul 3, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›