VDB
RHSA-2026%3A28964
RHSA-2026%3A28964
PUBLISHED
CVSS 7.400000095367432 HIGH
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
Risk Scores
CVSS 3.1
7.400000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | registry.redhat.io/openshift4/ose-csi-external-attacher-rhel9@sha256:2eaab8240a6a35bec06bf79d0d442f972e01f677dbec3a2d04e3eec8999f1fae_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | *, * |
| Red Hat | registry.redhat.io/openshift4/ose-must-gather@sha256:c3f183e79c3c68704cc764d60deb51e64babf1ee6f455ac6de391a9aef05293f_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | *, * |
| Red Hat | registry.redhat.io/openshift4/ose-azure-disk-csi-driver-rhel9@sha256:f9ecd26c5859be0fd15342172032d199b9b2a77de6613558bd23a9f86a7a157b_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | *, * |
| Red Hat | registry.redhat.io/openshift4/ose-agent-installer-utils-rhel9@sha256:dade1e0768dd7a8080d55a14c9c63bc6a95e10a18a82ef879e54ada59dac2700_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | *, * |
| Red Hat | registry.redhat.io/openshift4/ose-cluster-dns-rhel9-operator@sha256:d4519db5edaf228a1810b4a1768d3097fe6ef7a26b43b70a5ab932be65c26a9f_ppc64le as a component of Red Hat OpenShift Container Platform 4.15 | *, * |
| Red Hat | registry.redhat.io/openshift4/ose-cluster-kube-scheduler-rhel9-operator@sha256:c88250335c3f429c872add6e84f66100079d95e23f3338e147b01b74d06fcadf_ppc64le as a component of Red Hat OpenShift Container Platform 4.15 | *, * |
| Red Hat | registry.redhat.io/openshift4/ose-kubevirt-cloud-controller-manager-rhel9@sha256:b9d7d218f82d364a1dae6195746a0df43713f8a9f5abafee4236f2e954f757d8_ppc64le as a component of Red Hat OpenShift Container Platform 4.15 | *, * |
| Red Hat | registry.redhat.io/openshift4/ose-cluster-platform-operators-manager-rhel9@sha256:150818ba856068cf2d6ba566ecb2fcd51eb307d741d1e8107bbbc0f023e18ce2_s390x as a component of Red Hat OpenShift Container Platform 4.15 | *, * |
| Red Hat | registry.redhat.io/openshift4/ose-cluster-kube-cluster-api-rhel9-operator@sha256:dcf663c20a94fcdee5f548cb845f134e9d1c6bb06f5e11a7f600d284095a2f15_s390x as a component of Red Hat OpenShift Container Platform 4.15 | *, * |
| Red Hat | registry.redhat.io/openshift4/ose-k8s-prometheus-adapter-rhel9@sha256:764c01680a9c0f247220aebac6d5f530799100c8b05efa67314707a75a74ae33_ppc64le as a component of Red Hat OpenShift Container Platform 4.15 | *, * |
| Red Hat | registry.redhat.io/openshift4/ose-csi-external-resizer-rhel8@sha256:1c986612412052498e64750f9f055195c1d7fca5c46b4f0d8f9ab47b83f43ba5_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | *, * |
| Red Hat | registry.redhat.io/openshift4/ose-multus-networkpolicy-rhel9@sha256:b3e4a17d128a9f3ef05d14027cd88c15783d5f7da6df5087303726c41e0c48a9_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | *, * |
| Red Hat | registry.redhat.io/openshift4/ose-prometheus@sha256:2e8a2d5a0b8387653a9393da03a7a7f2cb8200aeefaf461ff6a42b71b7d1d0de_s390x as a component of Red Hat OpenShift Container Platform 4.15 | *, * |
| Red Hat | registry.redhat.io/openshift4/ose-network-interface-bond-cni-rhel8@sha256:c1b165f1fa6f6d23917ff1e01fecc206faa89d00ca671233228fa595547b7928_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | *, * |
| Red Hat | registry.redhat.io/openshift4/ose-cluster-monitoring-rhel9-operator@sha256:bebec0e03b454c93ac8c51dae5f2736b317dfbf40b329ce0d4c95260e926e164_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | *, * |
| Red Hat | registry.redhat.io/openshift4/ose-cluster-csi-snapshot-controller-rhel9-operator@sha256:e11fb804d2121bc9e3825e46bf618a61068fb7ffc148c282c7177cb8ceb61bbc_s390x as a component of Red Hat OpenShift Container Platform 4.15 | *, * |
| Red Hat | registry.redhat.io/openshift4/ose-aws-cloud-controller-manager-rhel9@sha256:a7ea7617a5dd819aea71a1e4cdf2175afe585bcf466f45256b5a48d88ca796b5_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | *, * |
| Red Hat | registry.redhat.io/openshift4/ose-prometheus-operator-admission-webhook-rhel9@sha256:f81a0ed86be71df540ca8ad41caa6345e4bbbd60300c94a253f6b79d52c29d98_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | *, * |
| Red Hat | registry.redhat.io/openshift4/ose-cluster-control-plane-machine-set-rhel9-operator@sha256:a31b77119ebb1386c858d30ef31a984535b51853a918c82305eb0938872eee91_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | *, * |
| Red Hat | registry.redhat.io/openshift4/ose-cluster-version-rhel9-operator@sha256:dbf0601045a396b566556396c987201e90f88a2c7b6a788374321c31b85d07d0_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | *, * |
…and 641 more
Timeline
- Jul 1, 2026 CVE Published
- Jul 3, 2026 Distribution Patch
- Jul 3, 2026 Distribution Patch
- Jul 3, 2026 Security Advisory
- Jul 3, 2026 Security Advisory
- Jul 3, 2026 Security Advisory
- Jul 3, 2026 Security Advisory
- Jul 3, 2026 Security Advisory
- Jul 3, 2026 Security Advisory
- Jul 3, 2026 Security Advisory
- Jul 3, 2026 Security Advisory
- Jul 3, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2026:28964 advisory
- https://access.redhat.com/security/cve/CVE-2025-68121 advisory
- https://access.redhat.com/security/cve/CVE-2026-1784 advisory
- https://access.redhat.com/security/cve/CVE-2026-27143 advisory
- https://access.redhat.com/security/cve/CVE-2026-27144 advisory
- https://access.redhat.com/security/cve/CVE-2026-29063 advisory
- https://access.redhat.com/security/cve/CVE-2026-33186 advisory
- https://access.redhat.com/security/cve/CVE-2026-44486 advisory
- https://access.redhat.com/security/cve/CVE-2026-44487 advisory
- https://access.redhat.com/security/cve/CVE-2026-44488 advisory
- https://access.redhat.com/security/cve/CVE-2026-44492 advisory
- https://access.redhat.com/security/cve/CVE-2026-44494 advisory
- https://access.redhat.com/security/cve/CVE-2026-44495 advisory
- https://access.redhat.com/security/cve/CVE-2026-44496 advisory
- https://access.redhat.com/security/updates/classification/ advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_28964.json advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2437111 issue
- https://www.cve.org/CVERecord?id=CVE-2025-68121 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-68121 advisory
- https://go.dev/cl/737700 advisory
…and 58 more