VDB

RHSA-2026%3A28964

RHSA-2026%3A28964 PUBLISHED CVSS 7.400000095367432 HIGH

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.

Risk Scores

CVSS 3.1
7.400000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products

VendorProductVersions
Red Hatregistry.redhat.io/openshift4/ose-csi-external-attacher-rhel9@sha256:2eaab8240a6a35bec06bf79d0d442f972e01f677dbec3a2d04e3eec8999f1fae_amd64 as a component of Red Hat OpenShift Container Platform 4.15*, *
Red Hatregistry.redhat.io/openshift4/ose-must-gather@sha256:c3f183e79c3c68704cc764d60deb51e64babf1ee6f455ac6de391a9aef05293f_arm64 as a component of Red Hat OpenShift Container Platform 4.15*, *
Red Hatregistry.redhat.io/openshift4/ose-azure-disk-csi-driver-rhel9@sha256:f9ecd26c5859be0fd15342172032d199b9b2a77de6613558bd23a9f86a7a157b_amd64 as a component of Red Hat OpenShift Container Platform 4.15*, *
Red Hatregistry.redhat.io/openshift4/ose-agent-installer-utils-rhel9@sha256:dade1e0768dd7a8080d55a14c9c63bc6a95e10a18a82ef879e54ada59dac2700_arm64 as a component of Red Hat OpenShift Container Platform 4.15*, *
Red Hatregistry.redhat.io/openshift4/ose-cluster-dns-rhel9-operator@sha256:d4519db5edaf228a1810b4a1768d3097fe6ef7a26b43b70a5ab932be65c26a9f_ppc64le as a component of Red Hat OpenShift Container Platform 4.15*, *
Red Hatregistry.redhat.io/openshift4/ose-cluster-kube-scheduler-rhel9-operator@sha256:c88250335c3f429c872add6e84f66100079d95e23f3338e147b01b74d06fcadf_ppc64le as a component of Red Hat OpenShift Container Platform 4.15*, *
Red Hatregistry.redhat.io/openshift4/ose-kubevirt-cloud-controller-manager-rhel9@sha256:b9d7d218f82d364a1dae6195746a0df43713f8a9f5abafee4236f2e954f757d8_ppc64le as a component of Red Hat OpenShift Container Platform 4.15*, *
Red Hatregistry.redhat.io/openshift4/ose-cluster-platform-operators-manager-rhel9@sha256:150818ba856068cf2d6ba566ecb2fcd51eb307d741d1e8107bbbc0f023e18ce2_s390x as a component of Red Hat OpenShift Container Platform 4.15*, *
Red Hatregistry.redhat.io/openshift4/ose-cluster-kube-cluster-api-rhel9-operator@sha256:dcf663c20a94fcdee5f548cb845f134e9d1c6bb06f5e11a7f600d284095a2f15_s390x as a component of Red Hat OpenShift Container Platform 4.15*, *
Red Hatregistry.redhat.io/openshift4/ose-k8s-prometheus-adapter-rhel9@sha256:764c01680a9c0f247220aebac6d5f530799100c8b05efa67314707a75a74ae33_ppc64le as a component of Red Hat OpenShift Container Platform 4.15*, *
Red Hatregistry.redhat.io/openshift4/ose-csi-external-resizer-rhel8@sha256:1c986612412052498e64750f9f055195c1d7fca5c46b4f0d8f9ab47b83f43ba5_amd64 as a component of Red Hat OpenShift Container Platform 4.15*, *
Red Hatregistry.redhat.io/openshift4/ose-multus-networkpolicy-rhel9@sha256:b3e4a17d128a9f3ef05d14027cd88c15783d5f7da6df5087303726c41e0c48a9_arm64 as a component of Red Hat OpenShift Container Platform 4.15*, *
Red Hatregistry.redhat.io/openshift4/ose-prometheus@sha256:2e8a2d5a0b8387653a9393da03a7a7f2cb8200aeefaf461ff6a42b71b7d1d0de_s390x as a component of Red Hat OpenShift Container Platform 4.15*, *
Red Hatregistry.redhat.io/openshift4/ose-network-interface-bond-cni-rhel8@sha256:c1b165f1fa6f6d23917ff1e01fecc206faa89d00ca671233228fa595547b7928_amd64 as a component of Red Hat OpenShift Container Platform 4.15*, *
Red Hatregistry.redhat.io/openshift4/ose-cluster-monitoring-rhel9-operator@sha256:bebec0e03b454c93ac8c51dae5f2736b317dfbf40b329ce0d4c95260e926e164_arm64 as a component of Red Hat OpenShift Container Platform 4.15*, *
Red Hatregistry.redhat.io/openshift4/ose-cluster-csi-snapshot-controller-rhel9-operator@sha256:e11fb804d2121bc9e3825e46bf618a61068fb7ffc148c282c7177cb8ceb61bbc_s390x as a component of Red Hat OpenShift Container Platform 4.15*, *
Red Hatregistry.redhat.io/openshift4/ose-aws-cloud-controller-manager-rhel9@sha256:a7ea7617a5dd819aea71a1e4cdf2175afe585bcf466f45256b5a48d88ca796b5_arm64 as a component of Red Hat OpenShift Container Platform 4.15*, *
Red Hatregistry.redhat.io/openshift4/ose-prometheus-operator-admission-webhook-rhel9@sha256:f81a0ed86be71df540ca8ad41caa6345e4bbbd60300c94a253f6b79d52c29d98_amd64 as a component of Red Hat OpenShift Container Platform 4.15*, *
Red Hatregistry.redhat.io/openshift4/ose-cluster-control-plane-machine-set-rhel9-operator@sha256:a31b77119ebb1386c858d30ef31a984535b51853a918c82305eb0938872eee91_amd64 as a component of Red Hat OpenShift Container Platform 4.15*, *
Red Hatregistry.redhat.io/openshift4/ose-cluster-version-rhel9-operator@sha256:dbf0601045a396b566556396c987201e90f88a2c7b6a788374321c31b85d07d0_arm64 as a component of Red Hat OpenShift Container Platform 4.15*, *

…and 641 more

Timeline

  • Jul 1, 2026 CVE Published
  • Jul 3, 2026 Distribution Patch
  • Jul 3, 2026 Distribution Patch
  • Jul 3, 2026 Security Advisory
  • Jul 3, 2026 Security Advisory
  • Jul 3, 2026 Security Advisory
  • Jul 3, 2026 Security Advisory
  • Jul 3, 2026 Security Advisory
  • Jul 3, 2026 Security Advisory
  • Jul 3, 2026 Security Advisory
  • Jul 3, 2026 Security Advisory
  • Jul 3, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›