VDB
RHSA-2026%3A6493
RHSA-2026%3A6493
PUBLISHED
CVSS 5.400000095367432 MEDIUM
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to send hidden or unauthorized requests.
Risk Scores
CVSS 3.1
5.400000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | registry.redhat.io/openshift4/ose-aws-ebs-csi-driver-rhel8@sha256:b69db2450640c59703f5e0c5034e918b8dde65a888a541c1841048652568ec3c_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | *, *, * |
| Red Hat | registry.redhat.io/openshift4/ose-pod@sha256:233135301f43df0d95306476b51380964d76e61f9feb3f5635f36577f485b296_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | registry.redhat.io/openshift4/ose-pod@sha256:233135301f43df0d95306476b51380964d76e61f9feb3f5635f36577f485b296_amd64, *, registry.redhat.io/openshift4/ose-pod@sha256:233135301f43df0d95306476b51380964d76e61f9feb3f5635f36577f485b296_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-baremetal-installer-rhel8@sha256:69222c49cce633746329650212a2145f5637cd4e4e1b17f7c63213e667149d30_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | |
| Red Hat | registry.redhat.io/openshift4/ose-kube-rbac-proxy@sha256:6e59b14824fe873149228dff4187a8af6fd809663335ac95925bd1b27b631b12_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | registry.redhat.io/openshift4/ose-kube-rbac-proxy@sha256:6e59b14824fe873149228dff4187a8af6fd809663335ac95925bd1b27b631b12_amd64, registry.redhat.io/openshift4/ose-kube-rbac-proxy@sha256:6e59b14824fe873149228dff4187a8af6fd809663335ac95925bd1b27b631b12_amd64, registry.redhat.io/openshift4/ose-kube-rbac-proxy@sha256:6e59b14824fe873149228dff4187a8af6fd809663335ac95925bd1b27b631b12_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-azure-cloud-controller-manager-rhel8@sha256:87deafddc68ee81d902a3e9daa2d15a23ee7a3c7f681e90af5115f05f01b9f07_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | *, registry.redhat.io/openshift4/ose-azure-cloud-controller-manager-rhel8@sha256:87deafddc68ee81d902a3e9daa2d15a23ee7a3c7f681e90af5115f05f01b9f07_amd64, * |
| Red Hat | registry.redhat.io/openshift4/ose-vsphere-cluster-api-controllers-rhel8@sha256:ff665b642fd1e540e21b2fab96cf39fd152816ffd99deee5c88a137b9a172d52_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | *, *, * |
| Red Hat | registry.redhat.io/openshift4/ose-installer-artifacts@sha256:56dd793ff22486fdb3e2010608a5ef155a481e68181d48d23b4759f4cc6482ad_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | registry.redhat.io/openshift4/ose-installer-artifacts@sha256:56dd793ff22486fdb3e2010608a5ef155a481e68181d48d23b4759f4cc6482ad_amd64, registry.redhat.io/openshift4/ose-installer-artifacts@sha256:56dd793ff22486fdb3e2010608a5ef155a481e68181d48d23b4759f4cc6482ad_amd64, * |
| Red Hat | registry.redhat.io/openshift4/network-tools-rhel8@sha256:5a2cc07e156f82581155fe7848e18ad391971b4dec986613d8a5e3707e4bb078_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | *, *, * |
| Red Hat | registry.redhat.io/openshift4/ose-azure-cluster-api-controllers-rhel8@sha256:ba0f45ed1a9771fcd81f654b37a122390a10d290617c528b9735b072699ffdcc_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | *, *, * |
| Red Hat | registry.redhat.io/openshift4/ose-openstack-cinder-csi-driver-rhel8@sha256:7d612c3cd1251fd9672c5564aa8cb467c7d7bc7dde644df5306ed3fe0ae022df_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | *, *, * |
| Red Hat | registry.redhat.io/openshift4/ose-multus-whereabouts-ipam-cni-rhel8@sha256:f8af0795220f58562f48548f72465f086dbe6d702d4f8015d99ef04fdb6c3b28_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | *, *, registry.redhat.io/openshift4/ose-multus-whereabouts-ipam-cni-rhel8@sha256:f8af0795220f58562f48548f72465f086dbe6d702d4f8015d99ef04fdb6c3b28_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-operator-registry@sha256:a840a67f583d6a1c7bb50b605f7bd11822637d139d82a2160074529c0cc94bf6_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | *, registry.redhat.io/openshift4/ose-operator-registry@sha256:a840a67f583d6a1c7bb50b605f7bd11822637d139d82a2160074529c0cc94bf6_amd64, * |
| Red Hat | registry.redhat.io/openshift4/ose-baremetal-installer-rhel8@sha256:69222c49cce633746329650212a2145f5637cd4e4e1b17f7c63213e667149d30_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | registry.redhat.io/openshift4/ose-baremetal-installer-rhel8@sha256:69222c49cce633746329650212a2145f5637cd4e4e1b17f7c63213e667149d30_amd64, registry.redhat.io/openshift4/ose-baremetal-installer-rhel8@sha256:69222c49cce633746329650212a2145f5637cd4e4e1b17f7c63213e667149d30_amd64, * |
| Red Hat | registry.redhat.io/openshift4/ose-csi-external-attacher@sha256:29ac94c1adb061f6b6aab04b1faa8442b66f97964e92eef68ffd1ef7bd8a329e_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | *, registry.redhat.io/openshift4/ose-csi-external-attacher@sha256:29ac94c1adb061f6b6aab04b1faa8442b66f97964e92eef68ffd1ef7bd8a329e_amd64, * |
| Red Hat | registry.redhat.io/openshift4/ose-olm-rukpak-rhel8@sha256:3b2b8947c6779295f60afd359bd6f8151d49751e096d29cd18120ec190c3e788_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | registry.redhat.io/openshift4/ose-olm-rukpak-rhel8@sha256:3b2b8947c6779295f60afd359bd6f8151d49751e096d29cd18120ec190c3e788_amd64, *, registry.redhat.io/openshift4/ose-olm-rukpak-rhel8@sha256:3b2b8947c6779295f60afd359bd6f8151d49751e096d29cd18120ec190c3e788_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-kube-proxy@sha256:54a4a33424edf74a05faa54de795fdb22e8933cbea70f9338c5801d07673218b_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | registry.redhat.io/openshift4/ose-kube-proxy@sha256:54a4a33424edf74a05faa54de795fdb22e8933cbea70f9338c5801d07673218b_amd64, registry.redhat.io/openshift4/ose-kube-proxy@sha256:54a4a33424edf74a05faa54de795fdb22e8933cbea70f9338c5801d07673218b_amd64, registry.redhat.io/openshift4/ose-kube-proxy@sha256:54a4a33424edf74a05faa54de795fdb22e8933cbea70f9338c5801d07673218b_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-multus-admission-controller@sha256:6b890961922acb4ac55cee22e527cfd16db346a8336d03dee1bab6ee3353193d_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | *, *, * |
| Red Hat | registry.redhat.io/openshift4/ose-insights-rhel8-operator@sha256:e59684416bd1258e50f4230fbc74279efd9984b7618cb62b7b87e306f18c8d5b_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | registry.redhat.io/openshift4/ose-insights-rhel8-operator@sha256:e59684416bd1258e50f4230fbc74279efd9984b7618cb62b7b87e306f18c8d5b_amd64, registry.redhat.io/openshift4/ose-insights-rhel8-operator@sha256:e59684416bd1258e50f4230fbc74279efd9984b7618cb62b7b87e306f18c8d5b_amd64, * |
| Red Hat | registry.redhat.io/openshift4/ose-azure-disk-csi-driver-rhel8-operator@sha256:a12f046144082f59a54d0fe55779031598576281508d7815728ab627d7062ad2_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | registry.redhat.io/openshift4/ose-azure-disk-csi-driver-rhel8-operator@sha256:a12f046144082f59a54d0fe55779031598576281508d7815728ab627d7062ad2_amd64, registry.redhat.io/openshift4/ose-azure-disk-csi-driver-rhel8-operator@sha256:a12f046144082f59a54d0fe55779031598576281508d7815728ab627d7062ad2_amd64, registry.redhat.io/openshift4/ose-azure-disk-csi-driver-rhel8-operator@sha256:a12f046144082f59a54d0fe55779031598576281508d7815728ab627d7062ad2_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-gcp-cloud-controller-manager-rhel8@sha256:6a82dc74e87e1e69b71f4741e3dfd0a41c6cac12d8dc5a94c535357931166de7_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | *, *, * |
…and 368 more
Timeline
- Apr 9, 2026 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Jun 21, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2026:6493 advisory
- https://access.redhat.com/security/cve/CVE-2025-22871 advisory
- https://access.redhat.com/security/cve/CVE-2025-47907 advisory
- https://access.redhat.com/security/cve/CVE-2025-58183 advisory
- https://access.redhat.com/security/cve/CVE-2025-65637 advisory
- https://access.redhat.com/security/updates/classification/ advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_6493.json advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2358493 issue
- https://www.cve.org/CVERecord?id=CVE-2025-22871 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-22871 advisory
- https://go.dev/cl/652998 advisory
- https://go.dev/issue/71988 advisory
- https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk advisory
- https://pkg.go.dev/vuln/GO-2025-3563 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2387083 issue
- https://www.cve.org/CVERecord?id=CVE-2025-47907 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-47907 advisory
- https://go.dev/cl/693735 advisory
- https://go.dev/issue/74831 advisory
- https://groups.google.com/g/golang-announce/c/x5MKroML2yM advisory
…and 19 more