VDB
RHSA-2026%3A7252
RHSA-2026%3A7252
PUBLISHED
CVSS 7 HIGH
A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.
Risk Scores
CVSS 3.1
7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | registry.redhat.io/openshift4/ose-configmap-reloader@sha256:e86af1f70604971a91452d8d0e11c4d7246f1237aae808477649a7bb1bfbb226_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | registry.redhat.io/openshift4/ose-configmap-reloader@sha256:e86af1f70604971a91452d8d0e11c4d7246f1237aae808477649a7bb1bfbb226_amd64, *, * |
| Red Hat | registry.redhat.io/openshift4/ose-cluster-node-tuning-rhel9-operator@sha256:269a3f4cf534c540bcdd0ee311afb0d394c489ceb71b4867032f7b408de21a47_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | registry.redhat.io/openshift4/ose-cluster-node-tuning-rhel9-operator@sha256:269a3f4cf534c540bcdd0ee311afb0d394c489ceb71b4867032f7b408de21a47_amd64, registry.redhat.io/openshift4/ose-cluster-node-tuning-rhel9-operator@sha256:269a3f4cf534c540bcdd0ee311afb0d394c489ceb71b4867032f7b408de21a47_amd64, registry.redhat.io/openshift4/ose-cluster-node-tuning-rhel9-operator@sha256:269a3f4cf534c540bcdd0ee311afb0d394c489ceb71b4867032f7b408de21a47_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-libvirt-machine-controllers@sha256:85e7f451bf607b3b94aad8ddff46b59de4bfedfdcd2670171017e33ba79f85dd_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | |
| Red Hat | registry.redhat.io/openshift4/ose-ovn-kubernetes-rhel9@sha256:b14c82b954e211e760f8237f952341c6db4f36153c5551fb24b55ae9738ae0f1_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | *, *, * |
| Red Hat | registry.redhat.io/openshift4/ose-csi-livenessprobe@sha256:def2db87172600fc5603201208372b86c71927aef80ecf11381a372a92470d62_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | registry.redhat.io/openshift4/ose-csi-livenessprobe@sha256:def2db87172600fc5603201208372b86c71927aef80ecf11381a372a92470d62_amd64, *, registry.redhat.io/openshift4/ose-csi-livenessprobe@sha256:def2db87172600fc5603201208372b86c71927aef80ecf11381a372a92470d62_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-gcp-pd-csi-driver-rhel8@sha256:44bccda804cb3755801870fcdadeb2d16e820c3bf14dd6f2c18947afba8ded23_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | *, registry.redhat.io/openshift4/ose-gcp-pd-csi-driver-rhel8@sha256:44bccda804cb3755801870fcdadeb2d16e820c3bf14dd6f2c18947afba8ded23_amd64, registry.redhat.io/openshift4/ose-gcp-pd-csi-driver-rhel8@sha256:44bccda804cb3755801870fcdadeb2d16e820c3bf14dd6f2c18947afba8ded23_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-operator-lifecycle-manager@sha256:c9b0a5da0e6cffe8d46cdfc65affe7266c5a3942421cdd58c1973698365fe947_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | *, *, * |
| Red Hat | registry.redhat.io/openshift4/ose-vsphere-problem-detector-rhel8@sha256:5530afae0116bffb38e6231b2001707a5fb3acabacdb36ec9886a852270e8a82_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | registry.redhat.io/openshift4/ose-vsphere-problem-detector-rhel8@sha256:5530afae0116bffb38e6231b2001707a5fb3acabacdb36ec9886a852270e8a82_amd64, registry.redhat.io/openshift4/ose-vsphere-problem-detector-rhel8@sha256:5530afae0116bffb38e6231b2001707a5fb3acabacdb36ec9886a852270e8a82_amd64, * |
| Red Hat | registry.redhat.io/openshift4/ose-network-interface-bond-cni-rhel8@sha256:1597ed8b1dcab739359497dc3351c0f023fc6bed5b474bc0375ee491004b6ce0_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | *, *, * |
| Red Hat | registry.redhat.io/openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator@sha256:dbdb53c34533f1104e1c767b1409f445724c15e293147204cd195f395927e7c3_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | registry.redhat.io/openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator@sha256:dbdb53c34533f1104e1c767b1409f445724c15e293147204cd195f395927e7c3_amd64, registry.redhat.io/openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator@sha256:dbdb53c34533f1104e1c767b1409f445724c15e293147204cd195f395927e7c3_amd64, registry.redhat.io/openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator@sha256:dbdb53c34533f1104e1c767b1409f445724c15e293147204cd195f395927e7c3_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-csi-external-snapshotter-rhel8@sha256:658c2dcb0736fe9ea464accf9534e5d2c96451f16252946e2e5320a48f6dcfbc_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | *, *, * |
| Red Hat | registry.redhat.io/openshift4/ose-csi-driver-manila-rhel8@sha256:1e349a98fccf699339f457c706382c2f8c9757b884833eb9242aeba32f677f81_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | *, *, * |
| Red Hat | registry.redhat.io/openshift4/ose-cluster-config-operator@sha256:287d4b9b44aa682322234ef10e4597890c5c30ba1ec74926fbef67c64e72efcf_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | registry.redhat.io/openshift4/ose-cluster-config-operator@sha256:287d4b9b44aa682322234ef10e4597890c5c30ba1ec74926fbef67c64e72efcf_amd64, registry.redhat.io/openshift4/ose-cluster-config-operator@sha256:287d4b9b44aa682322234ef10e4597890c5c30ba1ec74926fbef67c64e72efcf_amd64, registry.redhat.io/openshift4/ose-cluster-config-operator@sha256:287d4b9b44aa682322234ef10e4597890c5c30ba1ec74926fbef67c64e72efcf_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-openshift-state-metrics-rhel8@sha256:1889f2a47d26217c991a5b5feec3c2c124936cf77cca722f4d8e376e99acf66e_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | *, *, registry.redhat.io/openshift4/ose-openshift-state-metrics-rhel8@sha256:1889f2a47d26217c991a5b5feec3c2c124936cf77cca722f4d8e376e99acf66e_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-csi-external-resizer@sha256:e2a65ea66422e1af049d6e1d27f9ed83fc8cb4a329421f7fb3b661b6cfe60c6f_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | *, registry.redhat.io/openshift4/ose-csi-external-resizer@sha256:e2a65ea66422e1af049d6e1d27f9ed83fc8cb4a329421f7fb3b661b6cfe60c6f_amd64, registry.redhat.io/openshift4/ose-csi-external-resizer@sha256:e2a65ea66422e1af049d6e1d27f9ed83fc8cb4a329421f7fb3b661b6cfe60c6f_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-gcp-pd-csi-driver-operator-rhel8@sha256:2dfcc8883088010702d09f37d8a96ca681ebcf6c980da8700385746d4e67caa1_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | *, *, * |
| Red Hat | registry.redhat.io/openshift4/ose-csi-external-provisioner-rhel8@sha256:9c27fb99b6123a4034679ef5f717f735115b0e341950cb2a67b3216ab06c65ef_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | *, registry.redhat.io/openshift4/ose-csi-external-provisioner-rhel8@sha256:9c27fb99b6123a4034679ef5f717f735115b0e341950cb2a67b3216ab06c65ef_amd64, registry.redhat.io/openshift4/ose-csi-external-provisioner-rhel8@sha256:9c27fb99b6123a4034679ef5f717f735115b0e341950cb2a67b3216ab06c65ef_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-cluster-platform-operators-manager-rhel8@sha256:1d54a2c229ad3d01bf3445cd543e9d65cf27fc5ac9aa9a3dc5b237ce96138bd5_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | registry.redhat.io/openshift4/ose-cluster-platform-operators-manager-rhel8@sha256:1d54a2c229ad3d01bf3445cd543e9d65cf27fc5ac9aa9a3dc5b237ce96138bd5_amd64, registry.redhat.io/openshift4/ose-cluster-platform-operators-manager-rhel8@sha256:1d54a2c229ad3d01bf3445cd543e9d65cf27fc5ac9aa9a3dc5b237ce96138bd5_amd64, registry.redhat.io/openshift4/ose-cluster-platform-operators-manager-rhel8@sha256:1d54a2c229ad3d01bf3445cd543e9d65cf27fc5ac9aa9a3dc5b237ce96138bd5_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-ovn-kubernetes@sha256:b14c82b954e211e760f8237f952341c6db4f36153c5551fb24b55ae9738ae0f1_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | *, *, registry.redhat.io/openshift4/ose-ovn-kubernetes@sha256:b14c82b954e211e760f8237f952341c6db4f36153c5551fb24b55ae9738ae0f1_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-azure-cloud-controller-manager-rhel8@sha256:cb991575e8aa5424757123e6551add1f1a48dfbedb48fbc528af23b08f8c214c_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | registry.redhat.io/openshift4/ose-azure-cloud-controller-manager-rhel8@sha256:cb991575e8aa5424757123e6551add1f1a48dfbedb48fbc528af23b08f8c214c_amd64, *, registry.redhat.io/openshift4/ose-azure-cloud-controller-manager-rhel8@sha256:cb991575e8aa5424757123e6551add1f1a48dfbedb48fbc528af23b08f8c214c_amd64 |
…and 368 more
Timeline
- Apr 16, 2026 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Jun 21, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2026:7252 advisory
- https://access.redhat.com/security/cve/CVE-2025-47907 advisory
- https://access.redhat.com/security/cve/CVE-2025-58183 advisory
- https://access.redhat.com/security/cve/CVE-2025-65637 advisory
- https://access.redhat.com/security/updates/classification/ advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7252.json advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2387083 issue
- https://www.cve.org/CVERecord?id=CVE-2025-47907 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-47907 advisory
- https://go.dev/cl/693735 advisory
- https://go.dev/issue/74831 advisory
- https://groups.google.com/g/golang-announce/c/x5MKroML2yM advisory
- https://pkg.go.dev/vuln/GO-2025-3849 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2407258 issue
- https://www.cve.org/CVERecord?id=CVE-2025-58183 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-58183 advisory
- https://go.dev/cl/709861 advisory
- https://go.dev/issue/75677 advisory
- https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI advisory
- https://pkg.go.dev/vuln/GO-2025-4014 advisory
…and 11 more