VDB
RHSA-2026%3A4511
RHSA-2026%3A4511
PUBLISHED
CVSS 7.5 HIGH
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | registry.redhat.io/openshift4/pf-status-relay-rhel9@sha256:4b6ef403594e1d6a539bd2dbd5f25b07aabd1a50dd8813a22fee05e79a959fd7_s390x as a component of Red Hat OpenShift Container Platform 4.17 | *, registry.redhat.io/openshift4/pf-status-relay-rhel9@sha256:4b6ef403594e1d6a539bd2dbd5f25b07aabd1a50dd8813a22fee05e79a959fd7_s390x, registry.redhat.io/openshift4/pf-status-relay-rhel9@sha256:4b6ef403594e1d6a539bd2dbd5f25b07aabd1a50dd8813a22fee05e79a959fd7_s390x |
| Red Hat | registry.redhat.io/openshift4/ose-node-feature-discovery-rhel9@sha256:69d1e57bbbf9118dd24892988521656b84106767a14c609c1cc6b6c3c232c729_amd64 as a component of Red Hat OpenShift Container Platform 4.17 | registry.redhat.io/openshift4/ose-node-feature-discovery-rhel9@sha256:69d1e57bbbf9118dd24892988521656b84106767a14c609c1cc6b6c3c232c729_amd64, registry.redhat.io/openshift4/ose-node-feature-discovery-rhel9@sha256:69d1e57bbbf9118dd24892988521656b84106767a14c609c1cc6b6c3c232c729_amd64, registry.redhat.io/openshift4/ose-node-feature-discovery-rhel9@sha256:69d1e57bbbf9118dd24892988521656b84106767a14c609c1cc6b6c3c232c729_amd64 |
| Red Hat | registry.redhat.io/openshift4/sriov-cni-rhel9@sha256:46c7dd08bde67584a0a4b07c01e792ce6027c4e1e9b4830700fa1a915a032b6d_ppc64le as a component of Red Hat OpenShift Container Platform 4.17 | *, registry.redhat.io/openshift4/sriov-cni-rhel9@sha256:46c7dd08bde67584a0a4b07c01e792ce6027c4e1e9b4830700fa1a915a032b6d_ppc64le, * |
| Red Hat | registry.redhat.io/openshift4/metallb-rhel9-operator@sha256:8d3d49420da626048db329e91840a765e074aab4734da1135fe7caaf9536d98e_ppc64le as a component of Red Hat OpenShift Container Platform 4.17 | *, registry.redhat.io/openshift4/metallb-rhel9-operator@sha256:8d3d49420da626048db329e91840a765e074aab4734da1135fe7caaf9536d98e_ppc64le, registry.redhat.io/openshift4/metallb-rhel9-operator@sha256:8d3d49420da626048db329e91840a765e074aab4734da1135fe7caaf9536d98e_ppc64le |
| Red Hat | registry.redhat.io/openshift4/ose-smb-csi-driver-rhel9-operator@sha256:57be55a9aa101160870ad7a685e7a1f13c665aaa2f603fe9cfcb2eebcebab938_ppc64le as a component of Red Hat OpenShift Container Platform 4.17 | registry.redhat.io/openshift4/ose-smb-csi-driver-rhel9-operator@sha256:57be55a9aa101160870ad7a685e7a1f13c665aaa2f603fe9cfcb2eebcebab938_ppc64le, registry.redhat.io/openshift4/ose-smb-csi-driver-rhel9-operator@sha256:57be55a9aa101160870ad7a685e7a1f13c665aaa2f603fe9cfcb2eebcebab938_ppc64le, * |
| Red Hat | registry.redhat.io/openshift4/ose-gcp-filestore-csi-driver-rhel9-operator@sha256:91bc15e9cce8fa9814d883f99504eed0c1b35b3c7e5508d6ca94513daad79eed_amd64 as a component of Red Hat OpenShift Container Platform 4.17 | *, registry.redhat.io/openshift4/ose-gcp-filestore-csi-driver-rhel9-operator@sha256:91bc15e9cce8fa9814d883f99504eed0c1b35b3c7e5508d6ca94513daad79eed_amd64, registry.redhat.io/openshift4/ose-gcp-filestore-csi-driver-rhel9-operator@sha256:91bc15e9cce8fa9814d883f99504eed0c1b35b3c7e5508d6ca94513daad79eed_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-ptp-rhel9-operator@sha256:84bc426b573911eac8604c535a4dba57930dc2a3e86d7ad99232ea51ba47a23e_amd64 as a component of Red Hat OpenShift Container Platform 4.17 | *, *, * |
| Red Hat | registry.redhat.io/openshift4/ingress-node-firewall-rhel9@sha256:7f71974d24c3bfa84c6bd34b8951b996be381e694b86e66071ee13beffbabae3_s390x as a component of Red Hat OpenShift Container Platform 4.17 | registry.redhat.io/openshift4/ingress-node-firewall-rhel9@sha256:7f71974d24c3bfa84c6bd34b8951b996be381e694b86e66071ee13beffbabae3_s390x, registry.redhat.io/openshift4/ingress-node-firewall-rhel9@sha256:7f71974d24c3bfa84c6bd34b8951b996be381e694b86e66071ee13beffbabae3_s390x, registry.redhat.io/openshift4/ingress-node-firewall-rhel9@sha256:7f71974d24c3bfa84c6bd34b8951b996be381e694b86e66071ee13beffbabae3_s390x |
| Red Hat | registry.redhat.io/openshift4/ose-operator-sdk-rhel9@sha256:dbe91bcc6eec12690685d4dad09c74683258dacdcdb43275c2c61b1a8ae72640_amd64 as a component of Red Hat OpenShift Container Platform 4.17 | *, *, * |
| Red Hat | registry.redhat.io/openshift4/ose-cluster-capacity-rhel9@sha256:90e287bcb190f640f66403da2305aa371bba214bc237c8c9d41a94d621d596b4_arm64 as a component of Red Hat OpenShift Container Platform 4.17 | registry.redhat.io/openshift4/ose-cluster-capacity-rhel9@sha256:90e287bcb190f640f66403da2305aa371bba214bc237c8c9d41a94d621d596b4_arm64, *, registry.redhat.io/openshift4/ose-cluster-capacity-rhel9@sha256:90e287bcb190f640f66403da2305aa371bba214bc237c8c9d41a94d621d596b4_arm64 |
| Red Hat | registry.redhat.io/openshift4/ose-egress-dns-proxy-rhel9@sha256:a21621b0b97c90bdaac2c89ca451e66df89822d4a273d645672062454bfa001d_arm64 as a component of Red Hat OpenShift Container Platform 4.17 | registry.redhat.io/openshift4/ose-egress-dns-proxy-rhel9@sha256:a21621b0b97c90bdaac2c89ca451e66df89822d4a273d645672062454bfa001d_arm64, registry.redhat.io/openshift4/ose-egress-dns-proxy-rhel9@sha256:a21621b0b97c90bdaac2c89ca451e66df89822d4a273d645672062454bfa001d_arm64, registry.redhat.io/openshift4/ose-egress-dns-proxy-rhel9@sha256:a21621b0b97c90bdaac2c89ca451e66df89822d4a273d645672062454bfa001d_arm64 |
| Red Hat | registry.redhat.io/openshift4/ose-local-storage-diskmaker-rhel9@sha256:769714a81f56d80627699e308fd2c1cd513c084f062b6e0ff2f3743de8cde842_s390x as a component of Red Hat OpenShift Container Platform 4.17 | registry.redhat.io/openshift4/ose-local-storage-diskmaker-rhel9@sha256:769714a81f56d80627699e308fd2c1cd513c084f062b6e0ff2f3743de8cde842_s390x, registry.redhat.io/openshift4/ose-local-storage-diskmaker-rhel9@sha256:769714a81f56d80627699e308fd2c1cd513c084f062b6e0ff2f3743de8cde842_s390x, registry.redhat.io/openshift4/ose-local-storage-diskmaker-rhel9@sha256:769714a81f56d80627699e308fd2c1cd513c084f062b6e0ff2f3743de8cde842_s390x |
| Red Hat | registry.redhat.io/openshift4/ingress-node-firewall-rhel9-operator@sha256:8489332153809b9e1e0d05f4848985df70da176d72847805ac20820e5c48fe79_ppc64le as a component of Red Hat OpenShift Container Platform 4.17 | registry.redhat.io/openshift4/ingress-node-firewall-rhel9-operator@sha256:8489332153809b9e1e0d05f4848985df70da176d72847805ac20820e5c48fe79_ppc64le, registry.redhat.io/openshift4/ingress-node-firewall-rhel9-operator@sha256:8489332153809b9e1e0d05f4848985df70da176d72847805ac20820e5c48fe79_ppc64le, * |
| Red Hat | registry.redhat.io/openshift4/ose-egress-router-rhel9@sha256:971a76e4eb042994986fd978730426b17c9f3a5ee9e4974ff7233a94bd7befd6_arm64 as a component of Red Hat OpenShift Container Platform 4.17 | registry.redhat.io/openshift4/ose-egress-router-rhel9@sha256:971a76e4eb042994986fd978730426b17c9f3a5ee9e4974ff7233a94bd7befd6_arm64, registry.redhat.io/openshift4/ose-egress-router-rhel9@sha256:971a76e4eb042994986fd978730426b17c9f3a5ee9e4974ff7233a94bd7befd6_arm64, * |
| Red Hat | registry.redhat.io/openshift4/ose-sriov-network-rhel9-operator@sha256:18f7af8ef7bf69fb907eec8ba891898ab319189a120ade01c701703e375c907e_amd64 as a component of Red Hat OpenShift Container Platform 4.17 | *, *, registry.redhat.io/openshift4/ose-sriov-network-rhel9-operator@sha256:18f7af8ef7bf69fb907eec8ba891898ab319189a120ade01c701703e375c907e_amd64 |
| Red Hat | registry.redhat.io/openshift4/pf-status-relay-rhel9@sha256:aacd2abdcc2e6d67f091d389c9635159d2f5cbf46bb8524cadad81ad742e71b9_arm64 as a component of Red Hat OpenShift Container Platform 4.17 | *, *, * |
| Red Hat | registry.redhat.io/openshift4/ose-dpu-daemon-rhel9@sha256:1867a8b9d1f6f7585016be95737ecd5037064b6ae8249fcdb1179bb108629916_s390x as a component of Red Hat OpenShift Container Platform 4.17 | *, *, * |
| Red Hat | registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel9@sha256:e2504ba37b1fa060645d33afaa9042c7c11098017306552efb7f5747fcc1c07b_ppc64le as a component of Red Hat OpenShift Container Platform 4.17 | *, *, * |
| Red Hat | registry.redhat.io/openshift4/ose-gcp-filestore-csi-driver-rhel9-operator@sha256:91bc15e9cce8fa9814d883f99504eed0c1b35b3c7e5508d6ca94513daad79eed_amd64 as a component of Red Hat OpenShift Container Platform 4.17 | *, registry.redhat.io/openshift4/ose-gcp-filestore-csi-driver-rhel9-operator@sha256:91bc15e9cce8fa9814d883f99504eed0c1b35b3c7e5508d6ca94513daad79eed_amd64, registry.redhat.io/openshift4/ose-gcp-filestore-csi-driver-rhel9-operator@sha256:91bc15e9cce8fa9814d883f99504eed0c1b35b3c7e5508d6ca94513daad79eed_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-secrets-store-csi-mustgather-rhel9@sha256:1a3a97d40bf257a0d9dd3813eb0d702afc8089f58f63c78ce0250fc017023144_ppc64le as a component of Red Hat OpenShift Container Platform 4.17 | registry.redhat.io/openshift4/ose-secrets-store-csi-mustgather-rhel9@sha256:1a3a97d40bf257a0d9dd3813eb0d702afc8089f58f63c78ce0250fc017023144_ppc64le, *, * |
…and 367 more
Timeline
- Mar 18, 2026 CVE Published
- Apr 24, 2026 Distribution Patch
- Apr 24, 2026 Distribution Patch
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Jul 16, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2026:4511 advisory
- https://access.redhat.com/security/cve/CVE-2025-61726 advisory
- https://access.redhat.com/security/updates/classification/ advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_4511.json advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2434432 issue
- https://www.cve.org/CVERecord?id=CVE-2025-61726 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-61726 advisory
- https://go.dev/cl/736712 advisory
- https://go.dev/issue/77101 advisory
- https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc advisory
- https://pkg.go.dev/vuln/GO-2026-4341 advisory