VDB

RHSA-2026%3A29082

RHSA-2026%3A29082 PUBLISHED CVSS 9.100000381469727 CRITICAL

A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.

Risk Scores

CVSS 3.1
9.100000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products

VendorProductVersions
Red Hatregistry.redhat.io/openshift4/cloud-network-config-controller-rhel9@sha256:ba9e1c0ddb355bf4b2f79835fdf0eea2810f278f9d841e156f8f1e5b8f533eb5_s390x as a component of Red Hat OpenShift Container Platform 4.16*
Red Hatregistry.redhat.io/openshift4/ose-agent-installer-orchestrator-rhel9@sha256:692da61f285b17cdf861152c7f94843500bb3a6ff1a4cc05235b832d095ed196_arm64 as a component of Red Hat OpenShift Container Platform 4.16*
Red Hatregistry.redhat.io/openshift4/kubevirt-csi-driver-rhel9@sha256:eeec2a468cebf8740d7b0eb841f159da6300714ded2c574a4786b09b1f0eecf2_ppc64le as a component of Red Hat OpenShift Container Platform 4.16*
Red Hatregistry.redhat.io/openshift4/ose-machine-api-provider-aws-rhel9@sha256:7aa4a32b39d19995362d2cf73b649095766914fb0f3936db346ab1e32d8e8d84_amd64 as a component of Red Hat OpenShift Container Platform 4.16*
Red Hatregistry.redhat.io/openshift4/ose-aws-ebs-csi-driver-rhel9@sha256:28b6b1a39308883bbd44eb33893000f5e079d301f0ef23c04871a1559b867288_arm64 as a component of Red Hat OpenShift Container Platform 4.16*
Red Hatregistry.redhat.io/openshift4/ose-monitoring-plugin-rhel9@sha256:87622623e43355526c42c217dbc5a12ebcc4da58f21a0c1ab0e5ef8fe275ec13_amd64 as a component of Red Hat OpenShift Container Platform 4.16*
Red Hatregistry.redhat.io/openshift4/ose-csi-external-resizer-rhel9@sha256:f3974d4c830931e6d149d164de9f41a63ad4e257c8bbd02ad45ed46896838fbe_ppc64le as a component of Red Hat OpenShift Container Platform 4.16*
Red Hatregistry.redhat.io/openshift4/azure-kms-encryption-provider-rhel9@sha256:176a57250b6da5829f76ec6daf914b92d4ccf3d0e7a7e2cb658ff329ee9c703b_ppc64le as a component of Red Hat OpenShift Container Platform 4.16*
Red Hatregistry.redhat.io/openshift4/ose-prometheus-rhel9@sha256:c20f9ced0997e148ade91fcf79e0bef1b643e6b023c4e5340082ecb4d5eaf246_s390x as a component of Red Hat OpenShift Container Platform 4.16*
Red Hatregistry.redhat.io/openshift4/kubevirt-csi-driver-rhel9@sha256:f8f7e55c09b838b9035882e584c347727125746b9a77422fd3a56d9c8634ce06_s390x as a component of Red Hat OpenShift Container Platform 4.16*
Red Hatregistry.redhat.io/openshift4/ose-insights-rhel9-operator@sha256:5b7271666ea144b7899d65d48a82d139e342ee75e55d9dee9273aff38b77baf6_s390x as a component of Red Hat OpenShift Container Platform 4.16*
Red Hatregistry.redhat.io/openshift4/ose-cluster-monitoring-rhel9-operator@sha256:0086b8b78bdbf331a311acfb99a0afaa072a62b5663a9f4fec7b616a0b027247_arm64 as a component of Red Hat OpenShift Container Platform 4.16*
Red Hatregistry.redhat.io/openshift4/ose-nutanix-machine-controllers-rhel9@sha256:2dc4ea89869fb3c3f3e4708a24099c0d2eedbe8acd49156888913f44c9d5a7f0_amd64 as a component of Red Hat OpenShift Container Platform 4.16*
Red Hatregistry.redhat.io/openshift4/ose-operator-registry-rhel9@sha256:aea6178f5e7053a07e6062dc7acbe5d53442dd8da013dbb3544686836343c49d_amd64 as a component of Red Hat OpenShift Container Platform 4.16*
Red Hatregistry.redhat.io/openshift4/ose-multus-cni-rhel9@sha256:b06734851b8cba4f9006262ff9dd89eb7fb8c88ab154d4da22c2c345a96a2ad6_amd64 as a component of Red Hat OpenShift Container Platform 4.16*
Red Hatregistry.redhat.io/openshift4/ose-openshift-apiserver-rhel9@sha256:66a029f217bcb609c3fd651df06cc40b1adceb524483b6ceb7a8c77e65529eaa_arm64 as a component of Red Hat OpenShift Container Platform 4.16*
Red Hatregistry.redhat.io/openshift4/ose-olm-catalogd-rhel9@sha256:a13f0a2dc3c517d363088d5671bc61af41b740712d2bbfaebb415df0e71b631f_s390x as a component of Red Hat OpenShift Container Platform 4.16*
Red Hatregistry.redhat.io/openshift4/ose-cluster-image-registry-rhel9-operator@sha256:2eb4780a7f95e59d1c080d78496508ab610792c0ebeacf5bd22dd6f782a84c5a_ppc64le as a component of Red Hat OpenShift Container Platform 4.16*
Red Hatregistry.redhat.io/openshift4/ose-prometheus-config-reloader-rhel9@sha256:957fb7f6f765b88f3307c40efdcae093ad7c7fea2dd8d13824120d411e7a554f_arm64 as a component of Red Hat OpenShift Container Platform 4.16*
Red Hatregistry.redhat.io/openshift4/ose-console-rhel9@sha256:f2d5df056c646c93a8833d34f2edcfc9dd028af205d44efbf80d3cd715bd46cc_arm64 as a component of Red Hat OpenShift Container Platform 4.16*

…and 636 more

Timeline

  • Jul 1, 2026 CVE Published
  • Jul 3, 2026 CVE Updated
  • Jul 3, 2026 Distribution Patch
  • Jul 3, 2026 Distribution Patch
  • Jul 3, 2026 Security Advisory
  • Jul 3, 2026 Security Advisory
  • Jul 3, 2026 Security Advisory
  • Jul 3, 2026 Security Advisory
  • Jul 3, 2026 Security Advisory
  • Jul 3, 2026 Security Advisory
  • Jul 3, 2026 Security Advisory
  • Jul 3, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›