Issued:

2026-03-05

Updated:

2026-03-05

RHSA-2026:3874 - Important: Red Hat OpenShift GitOps v1.18.4 security update

Synopsis

Important: Red Hat OpenShift GitOps v1.18.4 security update

Type/Severity

Security Advisory Important

Topic

Important: Red Hat OpenShift GitOps v1.18.4 security update

Description

An update is now available for Red Hat OpenShift GitOps. Bug Fix(es) and Enhancement(s):

• GITOPS-8439 (CVE-2025-12816 openshift-gitops-1/console-plugin-rhel8: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications [gitops-1.18])
• GITOPS-8870 (CVE-2025-13465 openshift-gitops-1/argocd-rhel9: prototype pollution in _.unset and _.omit functions [gitops-1.18])
• GITOPS-8871 (CVE-2025-13465 openshift-gitops-1/console-plugin-rhel8: prototype pollution in _.unset and _.omit functions [gitops-1.18])
• GITOPS-8986 (CVE-2025-61726 openshift-gitops-1/argo-rollouts-rhel8: Memory exhaustion in query parameter parsing in net/url [gitops-1.18])
• GITOPS-8987 (CVE-2025-61726 openshift-gitops-1/argocd-agent-rhel8: Memory exhaustion in query parameter parsing in net/url [gitops-1.18])
• GITOPS-8988 (CVE-2025-61726 openshift-gitops-1/argocd-rhel8: Memory exhaustion in query parameter parsing in net/url [gitops-1.18])
• GITOPS-8989 (CVE-2025-61726 openshift-gitops-1/argocd-rhel9: Memory exhaustion in query parameter parsing in net/url [gitops-1.18])
• GITOPS-8990 (CVE-2025-61726 openshift-gitops-1/dex-rhel8: Memory exhaustion in query parameter parsing in net/url [gitops-1.18])
• GITOPS-8991 (CVE-2025-61726 openshift-gitops-1/gitops-rhel8: Memory exhaustion in query parameter parsing in net/url [gitops-1.18])
• GITOPS-8992 (CVE-2025-61726 openshift-gitops-1/gitops-rhel8-operator: Memory exhaustion in query parameter parsing in net/url [gitops-1.18])
• GITOPS-8324 (CVE-2025-66031 openshift-gitops-1/console-plugin-rhel8: node-forge ASN.1 Unbounded Recursion [gitops-1.17])
• GITOPS-8488 (CVE-2025-66418 openshift-gitops-1/console-plugin-rhel8: urllib3: Unbounded decompression chain leads to resource exhaustion [gitops-1.18])
• GITOPS-8489 (CVE-2025-66418 openshift-gitops-1/must-gather-rhel8: urllib3: Unbounded decompression chain leads to resource exhaustion [gitops-1.18])
• GITOPS-8643 (CVE-2025-66471 openshift-gitops-1/console-plugin-rhel8: urllib3 Streaming API improperly handles highly compressed data [gitops-1.18])
• GITOPS-9063 (CVE-2025-68121 openshift-gitops-1/dex-rhel8: Unexpected session resumption in crypto/tls [gitops-1.18])
• GITOPS-8684 (CVE-2026-21441 openshift-gitops-1/console-plugin-rhel8: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API) [gitops-1.18])

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Fixes

(none)

CVEs

(none)

References

• https://access.redhat.com/security/cve/CVE-2025-12816

Additional information

• The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
• Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.