RHSA-2026%3A8490 — Vulnetix

RHSA-2026%3A8490 PUBLISHED CVSS 7 HIGH

Kiali 2.11.9 for Red Hat OpenShift Service Mesh 3.1 is now available. An update is now available for Red Hat OpenShift Service Mesh 3.1. This advisory contains the RPM packages for the Kiali component. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Risk Scores

CVSS 3.1

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

Affected Products

Vendor	Product	Versions
	Red Hat OpenShift Service Mesh 3.1
	registry.redhat.io/openshift

Exploit Intelligence

threalwinky/CVE-2026-4800-POC (github-poc-repo)
threalwinky/CVE-2026-4800-POC (github-poc-repo)
gRPC-Go RBAC Authorization Policy Bypass via Missing `:path` Slash (Auth Bypass) (github-poc-repo)
gRPC-Go RBAC Authorization Policy Bypass via Missing `:path` Slash (Auth Bypass) (github-poc-repo)
SvenLie/next-rep-CVE-2026-4800 (github-poc-repo)
SvenLie/next-rep-CVE-2026-4800 (github-poc-repo)
CVE-2026-40175 (github-poc-repo)
CVE-2026-40175 (github-poc-repo)
Scan local repos for vulnerable axios versions (CVE-2026-40175) and patch interactively (github-poc-repo)
Scan local repos for vulnerable axios versions (CVE-2026-40175) and patch interactively (github-poc-repo)

…and 136 more exploits

Timeline

Apr 16, 2026 CVE Published
Apr 25, 2026 Distribution Patch
Apr 25, 2026 Distribution Patch
Apr 25, 2026 Security Advisory
Apr 25, 2026 Security Advisory
Apr 25, 2026 Security Advisory
Apr 25, 2026 Security Advisory
Apr 25, 2026 Security Advisory
Apr 25, 2026 Security Advisory
Apr 25, 2026 Security Advisory
Apr 25, 2026 Security Advisory
Apr 25, 2026 Security Advisory

References

Open in Interactive Console →