VDB
RHSA-2026%3A7052
RHSA-2026%3A7052
PUBLISHED
CVSS 7.5 HIGH
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:6c9b684018ffa4f077f1f1771d97b73f26bf9dc85b0b93b75339dc473d8902b6_arm64 as a component of Logging Subsystem for Red Hat OpenShift 6.0 | *, *, * |
| golang | Go standard library | |
| Red Hat | registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:b07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8_s390x as a component of Logging Subsystem for Red Hat OpenShift 6 | *, registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:b07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8_s390x, registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:b07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8_s390x |
| Red Hat | registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:d209573e6df01cd36afacc1a1f8df31e8de3d2a7a8387930f17796ee8b9048c5_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6 | registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:d209573e6df01cd36afacc1a1f8df31e8de3d2a7a8387930f17796ee8b9048c5_amd64, *, * |
| Red Hat | registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6 | registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906_amd64, *, registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906_amd64 |
| Red Hat | registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:40af6f87f4f2bdc2ef47a4ee0392c0b038282844b98c383969891c771be9d729_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6 | *, *, * |
| Red Hat | registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:c15c54a4136fbbbc506bc1419a77a8f25a74d524d1e24d38ab77cc65d5d48709_ppc64le as a component of Logging Subsystem for Red Hat OpenShift 6 | *, *, * |
| Red Hat | registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:95616c48fcf2e0918f589c05d0f396d40f0f9e7ee6a713c8ee5bc2305c2d87e2_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6 | |
| Red Hat | registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:187e8269c8e796b8e2d3d7ae783a9f8bca4bdcff86f4bbc8084de94c7cf66bd7_arm64 as a component of Logging Subsystem for Red Hat OpenShift 6 | *, *, registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:187e8269c8e796b8e2d3d7ae783a9f8bca4bdcff86f4bbc8084de94c7cf66bd7_arm64 |
| Red Hat | registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c_s390x | |
| Red Hat | registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:b9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.0 | *, *, * |
| Red Hat | registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52_arm64 as a component of Logging Subsystem for Red Hat OpenShift 6 | registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52_arm64, registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52_arm64, registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52_arm64 |
| Red Hat | registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:5ab64d8d0b31ee471952c597995eac81ba1f271d9aace9dc7a56ecea63b8fea7_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.0 | *, *, * |
| Red Hat | registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c_s390x as a component of Logging Subsystem for Red Hat OpenShift 6 | registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c_s390x, *, registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c_s390x |
| Red Hat | registry.redhat.io/openshift-logging/vector-rhel9@sha256:3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1_ppc64le as a component of Logging Subsystem for Red Hat OpenShift 6 | registry.redhat.io/openshift-logging/vector-rhel9@sha256:3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1_ppc64le, *, registry.redhat.io/openshift-logging/vector-rhel9@sha256:3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1_ppc64le |
| Red Hat | registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:c9f16dee85d3b4544380d1cbf1a4e23ad1efa28fda5a42094daa234bd2813a9e_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6 | *, *, * |
| Red Hat | registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:c9f16dee85d3b4544380d1cbf1a4e23ad1efa28fda5a42094daa234bd2813a9e_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.0 | *, *, * |
| Red Hat | registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2f256cda4ec765512662b2bc61f7d03f55084c1c70931c710856e127f2b3d451_arm64 as a component of Logging Subsystem for Red Hat OpenShift 6 | *, *, * |
| Red Hat | registry.redhat.io/openshift-logging/vector-rhel9@sha256:6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269_s390x as a component of Logging Subsystem for Red Hat OpenShift 6 | registry.redhat.io/openshift-logging/vector-rhel9@sha256:6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269_s390x, registry.redhat.io/openshift-logging/vector-rhel9@sha256:6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269_s390x, registry.redhat.io/openshift-logging/vector-rhel9@sha256:6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269_s390x |
| Red Hat | registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:b9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6 | registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:b9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8_amd64, *, registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:b9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8_amd64 |
…and 95 more
Timeline
- Apr 8, 2026 CVE Published
- Apr 24, 2026 Distribution Patch
- Apr 24, 2026 Distribution Patch
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Jul 17, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2026:7052 advisory
- https://access.redhat.com/security/cve/CVE-2025-61726 advisory
- https://access.redhat.com/security/cve/CVE-2025-61729 advisory
- https://access.redhat.com/security/cve/CVE-2025-68121 advisory
- https://access.redhat.com/security/updates/classification/ advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7052.json advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2434432 issue
- https://www.cve.org/CVERecord?id=CVE-2025-61726 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-61726 advisory
- https://go.dev/cl/736712 advisory
- https://go.dev/issue/77101 advisory
- https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc advisory
- https://pkg.go.dev/vuln/GO-2026-4341 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2418462 issue
- https://www.cve.org/CVERecord?id=CVE-2025-61729 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-61729 advisory
- https://go.dev/cl/725920 advisory
- https://go.dev/issue/76445 advisory
- https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 advisory
- https://pkg.go.dev/vuln/GO-2025-4155 advisory
…and 7 more