VDB
RHSA-2026%3A3869
RHSA-2026%3A3869
PUBLISHED
CVSS 8.699999809265137 HIGH
A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.
Risk Scores
CVSS 3.1
8.699999809265137
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:01d3bc986dfab006ffae245d3afc81215d7f1ffe314625f3f7ec1334e4336a2e_s390x as a component of Red Hat OpenShift GitOps 1.17 | *, *, registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:01d3bc986dfab006ffae245d3afc81215d7f1ffe314625f3f7ec1334e4336a2e_s390x |
| Red Hat | registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:bb77af2ec9c342d965013140e1a1a07a3c9e587a171f532017240e2d7d49fb81_amd64 as a component of Red Hat OpenShift GitOps 1.17 | *, registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:bb77af2ec9c342d965013140e1a1a07a3c9e587a171f532017240e2d7d49fb81_amd64, * |
| Red Hat | registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:8fa4b854c88f6d1ebabccbb847dd11d9bee66275b5091f6bcd9b0eb860e52444_amd64 as a component of Red Hat OpenShift GitOps 1.17 | registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:8fa4b854c88f6d1ebabccbb847dd11d9bee66275b5091f6bcd9b0eb860e52444_amd64, registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:8fa4b854c88f6d1ebabccbb847dd11d9bee66275b5091f6bcd9b0eb860e52444_amd64, registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:8fa4b854c88f6d1ebabccbb847dd11d9bee66275b5091f6bcd9b0eb860e52444_amd64 |
| Red Hat | registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:a8a6e1c81223128f24b66619cf373666957067605f3df9d85ecf3319da7e68ae_arm64 as a component of Red Hat OpenShift GitOps 1.17 | registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:a8a6e1c81223128f24b66619cf373666957067605f3df9d85ecf3319da7e68ae_arm64, registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:a8a6e1c81223128f24b66619cf373666957067605f3df9d85ecf3319da7e68ae_arm64, registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:a8a6e1c81223128f24b66619cf373666957067605f3df9d85ecf3319da7e68ae_arm64 |
| Red Hat | registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0d754ffcfee2da93c085f92a973adb47e2cc65f44be8a1b162983a52a213fb13_s390x as a component of Red Hat OpenShift GitOps 1.17 | registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0d754ffcfee2da93c085f92a973adb47e2cc65f44be8a1b162983a52a213fb13_s390x, registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0d754ffcfee2da93c085f92a973adb47e2cc65f44be8a1b162983a52a213fb13_s390x, registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0d754ffcfee2da93c085f92a973adb47e2cc65f44be8a1b162983a52a213fb13_s390x |
| Red Hat | registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:76134796ff5c05eb6fdd9e6520b4d32ae054822a9fc94584f48ce87c2e3ec6c3_ppc64le as a component of Red Hat OpenShift GitOps 1.17 | registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:76134796ff5c05eb6fdd9e6520b4d32ae054822a9fc94584f48ce87c2e3ec6c3_ppc64le, *, registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:76134796ff5c05eb6fdd9e6520b4d32ae054822a9fc94584f48ce87c2e3ec6c3_ppc64le |
| Red Hat | registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:da70d77c71e755144cc5ed0224b78c78b4a6676db998040bce16becfd731a11a_arm64 as a component of Red Hat OpenShift GitOps 1.17 | *, *, * |
| Red Hat | registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:f61631f167ea0d49d3d3a4658b61fd31e38cf355bec3ba8d029f8d15f94e9bde_ppc64le as a component of Red Hat OpenShift GitOps 1.17 | *, registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:f61631f167ea0d49d3d3a4658b61fd31e38cf355bec3ba8d029f8d15f94e9bde_ppc64le, * |
| Red Hat | registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:c8bb51aadf678fdb8ff83135be94b84df53d4551915ba7af44fb3ed5cfe4a075_ppc64le as a component of Red Hat OpenShift GitOps 1.17 | *, *, registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:c8bb51aadf678fdb8ff83135be94b84df53d4551915ba7af44fb3ed5cfe4a075_ppc64le |
| Red Hat | registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:51878bf4ea05a68c73ebd99664ef4b3c718fc8ec53cf98bcac589b4267af7764_amd64 as a component of Red Hat OpenShift GitOps 1.17 | *, registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:51878bf4ea05a68c73ebd99664ef4b3c718fc8ec53cf98bcac589b4267af7764_amd64, * |
| Red Hat | registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:dc8b2b43eb5f9c10be39bfc326068bc5680844bdcc9970c6cebfe952f3f42e58_s390x as a component of Red Hat OpenShift GitOps 1.17 | *, *, registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:dc8b2b43eb5f9c10be39bfc326068bc5680844bdcc9970c6cebfe952f3f42e58_s390x |
| Red Hat | registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:f61631f167ea0d49d3d3a4658b61fd31e38cf355bec3ba8d029f8d15f94e9bde_ppc64le as a component of Red Hat OpenShift GitOps 1.17 | registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:f61631f167ea0d49d3d3a4658b61fd31e38cf355bec3ba8d029f8d15f94e9bde_ppc64le, *, registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:f61631f167ea0d49d3d3a4658b61fd31e38cf355bec3ba8d029f8d15f94e9bde_ppc64le |
| Red Hat | registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:162f9d7ff3c4e5e06e73a6c8cd24dbd9afaacacbf6d57d83988a4e27754f0754_amd64 as a component of Red Hat OpenShift GitOps 1.17 | *, *, * |
| Red Hat | registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:cfba16df56118b9b5dd29cedc795dcdb28d3afce227e72d2cdb8459fe0d6b712_arm64 as a component of Red Hat OpenShift GitOps 1.17 | *, *, * |
| Red Hat | registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:321c3940495fdca2243f65ba5e197c1a6d91c3d615e3fedbe7227d14664b5398_arm64 as a component of Red Hat OpenShift GitOps 1.17 | *, *, * |
| Red Hat | registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:9a17ad8e4efa4ce78562d503bc360f7b661f0d75dd8e0fd454909f49f099fa58_amd64 as a component of Red Hat OpenShift GitOps 1.17 | *, *, * |
| Red Hat | registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:28f4abb103e42261349702992b66571b260509fd25546bfe6e0a2dc6b916822f_amd64 as a component of Red Hat OpenShift GitOps 1.17 | *, *, * |
| Red Hat | registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:bb77af2ec9c342d965013140e1a1a07a3c9e587a171f532017240e2d7d49fb81_amd64 as a component of Red Hat OpenShift GitOps 1.17 | registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:bb77af2ec9c342d965013140e1a1a07a3c9e587a171f532017240e2d7d49fb81_amd64, registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:bb77af2ec9c342d965013140e1a1a07a3c9e587a171f532017240e2d7d49fb81_amd64, registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:bb77af2ec9c342d965013140e1a1a07a3c9e587a171f532017240e2d7d49fb81_amd64 |
| Red Hat | registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:857f0a30e261a68dd35a92a661259f7a1bbbf0d806b3fd294bb4bdbaed34a2a2_amd64 as a component of Red Hat OpenShift GitOps 1.17 | *, *, * |
| Red Hat | registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:f5e35c07cddd43dfc71820d47579243e5f423e8672104570c5953eacf4f0b62c_s390x as a component of Red Hat OpenShift GitOps 1.17 | *, *, * |
…and 70 more
Timeline
- Mar 5, 2026 CVE Published
- Apr 24, 2026 Distribution Patch
- Apr 24, 2026 Distribution Patch
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Jul 13, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2026:3869 advisory
- https://access.redhat.com/security/cve/CVE-2025-12816 advisory
- https://access.redhat.com/security/cve/CVE-2025-13465 advisory
- https://access.redhat.com/security/cve/CVE-2025-61726 advisory
- https://access.redhat.com/security/cve/CVE-2025-66418 advisory
- https://access.redhat.com/security/cve/CVE-2025-66471 advisory
- https://access.redhat.com/security/cve/CVE-2026-21441 advisory
- https://access.redhat.com/security/updates/classification/ advisory
- https://docs.redhat.com/en/documentation/red_hat_openshift_gitops/1.17/ advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3869.json advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2417097 issue
- https://www.cve.org/CVERecord?id=CVE-2025-12816 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-12816 advisory
- https://github.com/digitalbazaar/forge advisory
- https://github.com/digitalbazaar/forge/pull/1124 advisory
- https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq advisory
- https://kb.cert.org/vuls/id/521113 advisory
- https://www.npmjs.com/package/node-forge advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2431740 issue
- https://www.cve.org/CVERecord?id=CVE-2025-13465 advisory
…and 24 more