VDB
RHSA-2026%3A29082
RHSA-2026%3A29082
PUBLISHED
CVSS 9.100000381469727 CRITICAL
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
Risk Scores
CVSS 3.1
9.100000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | registry.redhat.io/openshift4/cloud-network-config-controller-rhel9@sha256:ba9e1c0ddb355bf4b2f79835fdf0eea2810f278f9d841e156f8f1e5b8f533eb5_s390x as a component of Red Hat OpenShift Container Platform 4.16 | * |
| Red Hat | registry.redhat.io/openshift4/ose-agent-installer-orchestrator-rhel9@sha256:692da61f285b17cdf861152c7f94843500bb3a6ff1a4cc05235b832d095ed196_arm64 as a component of Red Hat OpenShift Container Platform 4.16 | * |
| Red Hat | registry.redhat.io/openshift4/kubevirt-csi-driver-rhel9@sha256:eeec2a468cebf8740d7b0eb841f159da6300714ded2c574a4786b09b1f0eecf2_ppc64le as a component of Red Hat OpenShift Container Platform 4.16 | * |
| Red Hat | registry.redhat.io/openshift4/ose-machine-api-provider-aws-rhel9@sha256:7aa4a32b39d19995362d2cf73b649095766914fb0f3936db346ab1e32d8e8d84_amd64 as a component of Red Hat OpenShift Container Platform 4.16 | * |
| Red Hat | registry.redhat.io/openshift4/ose-aws-ebs-csi-driver-rhel9@sha256:28b6b1a39308883bbd44eb33893000f5e079d301f0ef23c04871a1559b867288_arm64 as a component of Red Hat OpenShift Container Platform 4.16 | * |
| Red Hat | registry.redhat.io/openshift4/ose-monitoring-plugin-rhel9@sha256:87622623e43355526c42c217dbc5a12ebcc4da58f21a0c1ab0e5ef8fe275ec13_amd64 as a component of Red Hat OpenShift Container Platform 4.16 | * |
| Red Hat | registry.redhat.io/openshift4/ose-csi-external-resizer-rhel9@sha256:f3974d4c830931e6d149d164de9f41a63ad4e257c8bbd02ad45ed46896838fbe_ppc64le as a component of Red Hat OpenShift Container Platform 4.16 | * |
| Red Hat | registry.redhat.io/openshift4/azure-kms-encryption-provider-rhel9@sha256:176a57250b6da5829f76ec6daf914b92d4ccf3d0e7a7e2cb658ff329ee9c703b_ppc64le as a component of Red Hat OpenShift Container Platform 4.16 | * |
| Red Hat | registry.redhat.io/openshift4/ose-prometheus-rhel9@sha256:c20f9ced0997e148ade91fcf79e0bef1b643e6b023c4e5340082ecb4d5eaf246_s390x as a component of Red Hat OpenShift Container Platform 4.16 | * |
| Red Hat | registry.redhat.io/openshift4/kubevirt-csi-driver-rhel9@sha256:f8f7e55c09b838b9035882e584c347727125746b9a77422fd3a56d9c8634ce06_s390x as a component of Red Hat OpenShift Container Platform 4.16 | * |
| Red Hat | registry.redhat.io/openshift4/ose-insights-rhel9-operator@sha256:5b7271666ea144b7899d65d48a82d139e342ee75e55d9dee9273aff38b77baf6_s390x as a component of Red Hat OpenShift Container Platform 4.16 | * |
| Red Hat | registry.redhat.io/openshift4/ose-cluster-monitoring-rhel9-operator@sha256:0086b8b78bdbf331a311acfb99a0afaa072a62b5663a9f4fec7b616a0b027247_arm64 as a component of Red Hat OpenShift Container Platform 4.16 | * |
| Red Hat | registry.redhat.io/openshift4/ose-nutanix-machine-controllers-rhel9@sha256:2dc4ea89869fb3c3f3e4708a24099c0d2eedbe8acd49156888913f44c9d5a7f0_amd64 as a component of Red Hat OpenShift Container Platform 4.16 | * |
| Red Hat | registry.redhat.io/openshift4/ose-operator-registry-rhel9@sha256:aea6178f5e7053a07e6062dc7acbe5d53442dd8da013dbb3544686836343c49d_amd64 as a component of Red Hat OpenShift Container Platform 4.16 | * |
| Red Hat | registry.redhat.io/openshift4/ose-multus-cni-rhel9@sha256:b06734851b8cba4f9006262ff9dd89eb7fb8c88ab154d4da22c2c345a96a2ad6_amd64 as a component of Red Hat OpenShift Container Platform 4.16 | * |
| Red Hat | registry.redhat.io/openshift4/ose-openshift-apiserver-rhel9@sha256:66a029f217bcb609c3fd651df06cc40b1adceb524483b6ceb7a8c77e65529eaa_arm64 as a component of Red Hat OpenShift Container Platform 4.16 | * |
| Red Hat | registry.redhat.io/openshift4/ose-olm-catalogd-rhel9@sha256:a13f0a2dc3c517d363088d5671bc61af41b740712d2bbfaebb415df0e71b631f_s390x as a component of Red Hat OpenShift Container Platform 4.16 | * |
| Red Hat | registry.redhat.io/openshift4/ose-cluster-image-registry-rhel9-operator@sha256:2eb4780a7f95e59d1c080d78496508ab610792c0ebeacf5bd22dd6f782a84c5a_ppc64le as a component of Red Hat OpenShift Container Platform 4.16 | * |
| Red Hat | registry.redhat.io/openshift4/ose-prometheus-config-reloader-rhel9@sha256:957fb7f6f765b88f3307c40efdcae093ad7c7fea2dd8d13824120d411e7a554f_arm64 as a component of Red Hat OpenShift Container Platform 4.16 | * |
| Red Hat | registry.redhat.io/openshift4/ose-console-rhel9@sha256:f2d5df056c646c93a8833d34f2edcfc9dd028af205d44efbf80d3cd715bd46cc_arm64 as a component of Red Hat OpenShift Container Platform 4.16 | * |
…and 636 more
Timeline
- Jul 1, 2026 CVE Published
- Jul 3, 2026 CVE Updated
- Jul 3, 2026 Distribution Patch
- Jul 3, 2026 Distribution Patch
- Jul 3, 2026 Security Advisory
- Jul 3, 2026 Security Advisory
- Jul 3, 2026 Security Advisory
- Jul 3, 2026 Security Advisory
- Jul 3, 2026 Security Advisory
- Jul 3, 2026 Security Advisory
- Jul 3, 2026 Security Advisory
- Jul 3, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2026:29082 advisory
- https://access.redhat.com/security/cve/CVE-2026-33186 advisory
- https://access.redhat.com/security/cve/CVE-2026-34043 advisory
- https://access.redhat.com/security/cve/CVE-2026-44486 advisory
- https://access.redhat.com/security/cve/CVE-2026-44487 advisory
- https://access.redhat.com/security/cve/CVE-2026-44488 advisory
- https://access.redhat.com/security/cve/CVE-2026-44492 advisory
- https://access.redhat.com/security/cve/CVE-2026-44494 advisory
- https://access.redhat.com/security/cve/CVE-2026-44495 advisory
- https://access.redhat.com/security/cve/CVE-2026-44496 advisory
- https://access.redhat.com/security/updates/classification/ advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_29082.json advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2449833 issue
- https://www.cve.org/CVERecord?id=CVE-2026-33186 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-33186 advisory
- https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2453284 issue
- https://www.cve.org/CVERecord?id=CVE-2026-34043 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-34043 advisory
- https://github.com/yahoo/serialize-javascript/commit/f147e90269b58bb6e539cfdf3d0e20d6ad14204b advisory
…and 30 more