VDB

RHSA-2026%3A33071

RHSA-2026%3A33071 PUBLISHED CVSS 6.5 MEDIUM

A flaw was found in the SPDY streaming code used by Kubelet, CRI-O, and kube-apiserver. An attacker with specific cluster roles, such as those allowing access to pod port forwarding, execution, or attachment, or node proxying, could exploit this vulnerability. This could lead to a Denial of Service (DoS) by causing the affected components to become unresponsive.

Risk Scores

CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Red Hatregistry.redhat.io/container-native-virtualization/virt-exportproxy-rhel9@sha256:0c27406b3426a676b502ab35f6203d120f981c09e03458331075eed188fcb20a_arm64 as a component of Red Hat Container Native Virtualization 4.17*, *
Red Hatregistry.redhat.io/container-native-virtualization/virt-exportserver-rhel9@sha256:54eb245a8ad5ffbc2d3fe463965d5ccec1b465e808309389b3a1c2f1b3a34bf7_amd64 as a component of Red Hat Container Native Virtualization 4.17*, *
Red Hatregistry.redhat.io/container-native-virtualization/virt-controller-rhel9@sha256:d4d1d8601f3f42d89686f8f54fecf12ef99bb9e06cb9cd8981579c2d00ca8785_amd64 as a component of Red Hat Container Native Virtualization 4.17*, *
Red Hatregistry.redhat.io/container-native-virtualization/virt-artifacts-server-rhel9@sha256:48afe410e0f5d70aeb97707961a71f0b730d9be4a781cc50ac2a065ab638ac04_amd64 as a component of Red Hat Container Native Virtualization 4.17*, *
Red Hatregistry.redhat.io/container-native-virtualization/virt-launcher-rhel9@sha256:827d76bf3228ac4ec7264a65d1d17b8c1223ace43855b4189f7579a8daf89878_arm64 as a component of Red Hat Container Native Virtualization 4.17*, *
Red Hatregistry.redhat.io/container-native-virtualization/virt-controller-rhel9@sha256:1d869caaffb10681b35fadea30e4dda24a5ca5f91582ca2d9dda018e55a8399d_arm64 as a component of Red Hat Container Native Virtualization 4.17*, *
Red Hatregistry.redhat.io/container-native-virtualization/passt-network-binding-plugin-cni-rhel9@sha256:d9b9b386fb63e2d4bd38d186889a3290fd358fe01472db9818da6dad06a708e6_amd64 as a component of Red Hat Container Native Virtualization 4.17*, *
Red Hatregistry.redhat.io/container-native-virtualization/sidecar-shim-rhel9@sha256:4c3b6b29442e9df38857769a1ca9c4779c8190fe709601670a076eb0a50bc5bb_arm64 as a component of Red Hat Container Native Virtualization 4.17*, *
Red Hatregistry.redhat.io/container-native-virtualization/virt-operator-rhel9@sha256:b5e3b604a33dfa6b57e730ba8ab942dfd7e6c3d25d58ee8f16caa384d7e6c99a_amd64 as a component of Red Hat Container Native Virtualization 4.17*, *
Red Hatregistry.redhat.io/container-native-virtualization/passt-network-binding-plugin-sidecar-rhel9@sha256:ceb024e97dcf8d1cfb894c5e0927ba11fbd5bb7ffabc193e00016407cc8a0988_amd64 as a component of Red Hat Container Native Virtualization 4.17*, *
Red Hatregistry.redhat.io/container-native-virtualization/virt-artifacts-server-rhel9@sha256:46e25c8a13eafc8a75b4a808fd8ad04db4e9ebe2115f50e52a9ab686efa84fb3_arm64 as a component of Red Hat Container Native Virtualization 4.17*, *
Red Hatregistry.redhat.io/container-native-virtualization/pr-helper-rhel9@sha256:76a966004c98ce21fffc54171342071597d278dc000cb304d79a14f70490e651_arm64 as a component of Red Hat Container Native Virtualization 4.17*, *
Red Hatregistry.redhat.io/container-native-virtualization/virt-operator-rhel9@sha256:167e81e8aaff8bfc6c1dfb0281f1bddf586a86ba8fdedca3ff25078075d3cbb3_arm64 as a component of Red Hat Container Native Virtualization 4.17*, *
Red Hatregistry.redhat.io/container-native-virtualization/sidecar-shim-rhel9@sha256:3e36d580baf536afe152be1f0b30abd6c1f04bd0ae03a83138f0a92975565fd3_amd64 as a component of Red Hat Container Native Virtualization 4.17*, *
Red Hatregistry.redhat.io/container-native-virtualization/libguestfs-tools-rhel9@sha256:5210a8bc3a8ee4820dd602b3fa8fb7fdcde381b5e6f36f555e8378b5803e6bcd_arm64 as a component of Red Hat Container Native Virtualization 4.17*, *
Red Hatregistry.redhat.io/container-native-virtualization/libguestfs-tools-rhel9@sha256:fc8c4b85db018114dc16f4e7393424202f0662c1a21999d52392b367eea72f02_amd64 as a component of Red Hat Container Native Virtualization 4.17*, *
Red Hatregistry.redhat.io/container-native-virtualization/passt-network-binding-plugin-cni-rhel9@sha256:e4aef272d71249eb7b3f5c93dcb71485c008f75ead849470652310f175b1f632_arm64 as a component of Red Hat Container Native Virtualization 4.17*, *
Red Hatregistry.redhat.io/container-native-virtualization/virt-exportproxy-rhel9@sha256:14e3166bf28a9fe9ab5d5bd01992669e2617446773be0faec2b0a3ea17e32c7d_amd64 as a component of Red Hat Container Native Virtualization 4.17*, *
Red Hatregistry.redhat.io/container-native-virtualization/pr-helper-rhel9@sha256:286411616524500057192d01e3a9aa50dd76760a1de853af184647ed555348b4_amd64 as a component of Red Hat Container Native Virtualization 4.17*, *
Red Hatregistry.redhat.io/container-native-virtualization/virt-api-rhel9@sha256:5cf6f890e76f732edb4bf48e194778a69dcb6804c6683f8b1682cb525b00eb44_arm64 as a component of Red Hat Container Native Virtualization 4.17*, *

…and 6 more

Timeline

  • Jun 29, 2026 CVE Published
  • Jul 1, 2026 Distribution Patch
  • Jul 1, 2026 Distribution Patch
  • Jul 1, 2026 Security Advisory
  • Jul 1, 2026 Security Advisory
  • Jul 16, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›