- Issued:
- 2026-03-05
- Updated:
- 2026-03-05
RHSA-2026:3869 - Important: Red Hat OpenShift GitOps v1.17.5 security update
Synopsis
Important: Red Hat OpenShift GitOps v1.17.5 security update
Type/Severity
Security Advisory Important
Topic
Important: Red Hat OpenShift GitOps v1.17.5 security update
Description
An update is now available for Red Hat OpenShift GitOps. Bug Fix(es) and Enhancement(s):
- GITOPS-8438 (CVE-2025-12816 openshift-gitops-1/console-plugin-rhel8: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications [gitops-1.17])
- GITOPS-8868 (CVE-2025-13465 openshift-gitops-1/console-plugin-rhel8: prototype pollution in _.unset and _.omit functions [gitops-1.17])
- GITOPS-8979 (CVE-2025-61726 openshift-gitops-1/argo-rollouts-rhel8: Memory exhaustion in query parameter parsing in net/url [gitops-1.17])
- GITOPS-8980 (CVE-2025-61726 openshift-gitops-1/argocd-agent-rhel8: Memory exhaustion in query parameter parsing in net/url [gitops-1.17])
- GITOPS-8981 (CVE-2025-61726 openshift-gitops-1/argocd-rhel8: Memory exhaustion in query parameter parsing in net/url [gitops-1.17])
- GITOPS-8982 (CVE-2025-61726 openshift-gitops-1/argocd-rhel9: Memory exhaustion in query parameter parsing in net/url [gitops-1.17])
- GITOPS-8983 (CVE-2025-61726 openshift-gitops-1/dex-rhel8: Memory exhaustion in query parameter parsing in net/url [gitops-1.17])
- GITOPS-8984 (CVE-2025-61726 openshift-gitops-1/gitops-rhel8: Memory exhaustion in query parameter parsing in net/url [gitops-1.17])
- GITOPS-8985 (CVE-2025-61726 openshift-gitops-1/gitops-rhel8-operator: Memory exhaustion in query parameter parsing in net/url [gitops-1.17])
- GITOPS-8486 (CVE-2025-66418 openshift-gitops-1/console-plugin-rhel8: urllib3: Unbounded decompression chain leads to resource exhaustion [gitops-1.17])
- GITOPS-8487 (CVE-2025-66418 openshift-gitops-1/must-gather-rhel8: urllib3: Unbounded decompression chain leads to resource exhaustion [gitops-1.17])
- GITOPS-8641 (CVE-2025-66471 openshift-gitops-1/console-plugin-rhel8: urllib3 Streaming API improperly handles highly compressed data [gitops-1.17])
- GITOPS-8683 (CVE-2026-21441 openshift-gitops-1/console-plugin-rhel8: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API) [gitops-1.17])
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat OpenShift GitOps | 1.17 | x86_64 |
Fixes
(none)
CVEs
(none)
References
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.