VDB
RHSA-2026%3A7314
RHSA-2026%3A7314
PUBLISHED
CVSS 7.5 HIGH
A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | registry.redhat.io/quay/quay-rhel8@sha256:cfc2d2a2638d28ec365e50ddf997dd0fcc8782987ab5987db729e55b8f2c53e5_s390x as a component of Red Hat Quay 3.14 | registry.redhat.io/quay/quay-rhel8@sha256:cfc2d2a2638d28ec365e50ddf997dd0fcc8782987ab5987db729e55b8f2c53e5_s390x |
| Red Hat | registry.redhat.io/quay/quay-operator-rhel8@sha256:33591ec5fcf2e9a1f749e6f37ff6df06a2779f6cc7fb3b19013c47ab782b41f8_s390x as a component of Red Hat Quay 3.14 | registry.redhat.io/quay/quay-operator-rhel8@sha256:33591ec5fcf2e9a1f749e6f37ff6df06a2779f6cc7fb3b19013c47ab782b41f8_s390x |
| Red Hat | registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6c69e9ffcf29e4769d14d1de2f24ae52231237803804f77907742d7591397201_amd64 as a component of Red Hat Quay 3.14 | *, registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6c69e9ffcf29e4769d14d1de2f24ae52231237803804f77907742d7591397201_amd64, * |
| Red Hat | registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b3edfd46a42bd6769ee81d620a958b84d4f2bfc3459370abbb6e82ef4fcfc6a2_s390x as a component of Red Hat Quay 3.14 | registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b3edfd46a42bd6769ee81d620a958b84d4f2bfc3459370abbb6e82ef4fcfc6a2_s390x, *, * |
| Red Hat | registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6e721e2b88de017546485b427aeda9115e8596d875f71de7c7c0f95239136402_s390x as a component of Red Hat Quay 3.14 | registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6e721e2b88de017546485b427aeda9115e8596d875f71de7c7c0f95239136402_s390x, registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6e721e2b88de017546485b427aeda9115e8596d875f71de7c7c0f95239136402_s390x, * |
| Red Hat | registry.redhat.io/quay/clair-rhel8@sha256:547aee162884d7561359375f6eada553365072bff6f51b212a228e066172ed1f_ppc64le as a component of Red Hat Quay 3.14 | registry.redhat.io/quay/clair-rhel8@sha256:547aee162884d7561359375f6eada553365072bff6f51b212a228e066172ed1f_ppc64le, registry.redhat.io/quay/clair-rhel8@sha256:547aee162884d7561359375f6eada553365072bff6f51b212a228e066172ed1f_ppc64le, registry.redhat.io/quay/clair-rhel8@sha256:547aee162884d7561359375f6eada553365072bff6f51b212a228e066172ed1f_ppc64le |
| Red Hat | registry.redhat.io/quay/quay-rhel8@sha256:5e1a86fac8d2a2a63daccd105780c5a526e26d051ffdd62d4f64c3da6561011b_ppc64le as a component of Red Hat Quay 3.14 | * |
| Red Hat | registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c35821e22efa8a22625a725bf8130dc183d235e4f9bb851df082523f90658898_amd64 as a component of Red Hat Quay 3.14 | * |
| Red Hat | registry.redhat.io/quay/quay-rhel8@sha256:01f890a5280ddd4093134dc21578f8a5f06cdade4b9a6d59f31ca8deec8c43c3_arm64 as a component of Red Hat Quay 3.14 | *, registry.redhat.io/quay/quay-rhel8@sha256:01f890a5280ddd4093134dc21578f8a5f06cdade4b9a6d59f31ca8deec8c43c3_arm64, * |
| Red Hat | registry.redhat.io/quay/quay-rhel8@sha256:01f890a5280ddd4093134dc21578f8a5f06cdade4b9a6d59f31ca8deec8c43c3_arm64 as a component of Red Hat Quay 3.14 | registry.redhat.io/quay/quay-rhel8@sha256:01f890a5280ddd4093134dc21578f8a5f06cdade4b9a6d59f31ca8deec8c43c3_arm64 |
| Red Hat | registry.redhat.io/quay/quay-operator-rhel8@sha256:33591ec5fcf2e9a1f749e6f37ff6df06a2779f6cc7fb3b19013c47ab782b41f8_s390x as a component of Red Hat Quay 3.14 | *, registry.redhat.io/quay/quay-operator-rhel8@sha256:33591ec5fcf2e9a1f749e6f37ff6df06a2779f6cc7fb3b19013c47ab782b41f8_s390x, registry.redhat.io/quay/quay-operator-rhel8@sha256:33591ec5fcf2e9a1f749e6f37ff6df06a2779f6cc7fb3b19013c47ab782b41f8_s390x |
| Red Hat | registry.redhat.io/quay/clair-rhel8@sha256:702d3486624a33c0b929547f59a7491f2b9246be5e4d39426ca48a3d2275e6f1_s390x as a component of Red Hat Quay 3.14 | * |
| Red Hat | registry.redhat.io/quay/clair-rhel8@sha256:702d3486624a33c0b929547f59a7491f2b9246be5e4d39426ca48a3d2275e6f1_s390x as a component of Red Hat Quay 3.14 | registry.redhat.io/quay/clair-rhel8@sha256:702d3486624a33c0b929547f59a7491f2b9246be5e4d39426ca48a3d2275e6f1_s390x, registry.redhat.io/quay/clair-rhel8@sha256:702d3486624a33c0b929547f59a7491f2b9246be5e4d39426ca48a3d2275e6f1_s390x, registry.redhat.io/quay/clair-rhel8@sha256:702d3486624a33c0b929547f59a7491f2b9246be5e4d39426ca48a3d2275e6f1_s390x |
| Red Hat | registry.redhat.io/quay/quay-builder-rhel8@sha256:83d96120338afda38bf9eb59fd514124adeb772619e1457eb07ee242b1e56cc1_ppc64le as a component of Red Hat Quay 3.14 | * |
| Red Hat | registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:dbf5e9b12d36813a77908b6d769a82e46771c87492a42844d4a5bf1562308874_ppc64le as a component of Red Hat Quay 3.14 | registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:dbf5e9b12d36813a77908b6d769a82e46771c87492a42844d4a5bf1562308874_ppc64le, *, * |
| Red Hat | registry.redhat.io/quay/quay-operator-rhel8@sha256:923655c52a9e78f2185973e42c732c1dec05760e6b790631de658886f14412c9_amd64 as a component of Red Hat Quay 3.14 | registry.redhat.io/quay/quay-operator-rhel8@sha256:923655c52a9e78f2185973e42c732c1dec05760e6b790631de658886f14412c9_amd64 |
| Red Hat | registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:2ad22e69cbc9e4520336d2c810184943aebb98dbb7dcb839a09c715affe41687_amd64 as a component of Red Hat Quay 3.14 | registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:2ad22e69cbc9e4520336d2c810184943aebb98dbb7dcb839a09c715affe41687_amd64 |
| Red Hat | registry.redhat.io/quay/clair-rhel8@sha256:547aee162884d7561359375f6eada553365072bff6f51b212a228e066172ed1f_ppc64le as a component of Red Hat Quay 3.14 | registry.redhat.io/quay/clair-rhel8@sha256:547aee162884d7561359375f6eada553365072bff6f51b212a228e066172ed1f_ppc64le |
| Red Hat | registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:2ad22e69cbc9e4520336d2c810184943aebb98dbb7dcb839a09c715affe41687_amd64 as a component of Red Hat Quay 3.14 | registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:2ad22e69cbc9e4520336d2c810184943aebb98dbb7dcb839a09c715affe41687_amd64, registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:2ad22e69cbc9e4520336d2c810184943aebb98dbb7dcb839a09c715affe41687_amd64, registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:2ad22e69cbc9e4520336d2c810184943aebb98dbb7dcb839a09c715affe41687_amd64 |
| Red Hat | registry.redhat.io/quay/quay-operator-rhel8@sha256:3aee5e0bd4ae76ffab05c911b71a30e5a5f59eeafd958f4eedf8f48d5c8e2d59_ppc64le as a component of Red Hat Quay 3.14 | registry.redhat.io/quay/quay-operator-rhel8@sha256:3aee5e0bd4ae76ffab05c911b71a30e5a5f59eeafd958f4eedf8f48d5c8e2d59_ppc64le |
…and 42 more
Timeline
- Apr 9, 2026 CVE Published
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Security Advisory
- Apr 29, 2026 Security Advisory
- Apr 29, 2026 Security Advisory
- May 13, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2026:7314 advisory
- https://access.redhat.com/security/cve/CVE-2025-69873 advisory
- https://access.redhat.com/security/cve/CVE-2026-27962 advisory
- https://access.redhat.com/security/updates/classification/ advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7314.json advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2439070 issue
- https://www.cve.org/CVERecord?id=CVE-2025-69873 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-69873 advisory
- https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2448164 issue
- https://www.cve.org/CVERecord?id=CVE-2026-27962 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-27962 advisory
- https://github.com/authlib/authlib/commit/a5d4b2d4c9e46bfa11c82f85fdc2bcc0b50ae681 advisory
- https://github.com/authlib/authlib/releases/tag/v1.6.9 advisory
- https://github.com/authlib/authlib/security/advisories/GHSA-wvwj-cvrp-7pv5 advisory