VDB

RHSA-2026%3A6911

RHSA-2026%3A6911 PUBLISHED CVSS 7.5 HIGH

A denial-of-service vulnerability in github.com/sirupsen/logrus occurs when Entry.Writer() processes a single-line payload larger than 64KB with no newline characters. Due to a limitation in Go’s internal bufio.Scanner, the read operation fails with a “token too long” error, causing the underlying writer pipe to close. In affected versions, this leaves the Writer interface unusable and can disrupt logging functionality, potentially degrading application availability.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Red Hatregistry.redhat.io/openshift4/ztp-site-generate-rhel8@sha256:1298753b411c53efdea58e4c8ca9a5199e60c3f17c4302246a62a97702074e6a_amd64 as a component of Red Hat OpenShift Container Platform 4.12registry.redhat.io/openshift4/ztp-site-generate-rhel8@sha256:1298753b411c53efdea58e4c8ca9a5199e60c3f17c4302246a62a97702074e6a_amd64, *, *
sirupsenlogrus
Red Hatregistry.redhat.io/openshift4/ztp-site-generate-rhel8@sha256:1298753b411c53efdea58e4c8ca9a5199e60c3f17c4302246a62a97702074e6a_amd64 as a component of Red Hat OpenShift Container Platform 4.12*

Timeline

  • Apr 7, 2026 CVE Published
  • Apr 29, 2026 Distribution Patch
  • Apr 29, 2026 Distribution Patch
  • Apr 29, 2026 Security Advisory
  • Apr 29, 2026 Security Advisory
  • May 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›