{ "threat_severity" : "Important", "public_date" : "2026-02-09T20:11:22Z", "bugzilla" : { "description" : "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig", "id" : "2438237", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2438237" }, "cvss3" : { "cvss3_base_score" : "7.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-1287", "details" : [ "Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service. This vulnerability is fixed in versions 0.30.3 and 1.13.5.", "A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service." ], "affected_release" : [ { "product_name" : "Red Hat Ansible Automation Platform 2.6 for RHEL 9", "release_date" : "2026-03-31T00:00:00Z", "advisory" : "RHSA-2026:6277", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.6::el9", "package" : "automation-platform-ui-0:2.6.7-1.el9ap" }, { "product_name" : "multicluster engine for Kubernetes 2.7", "release_date" : "2026-03-24T00:00:00Z", "advisory" : "RHSA-2026:5636", "cpe" : "cpe:/a:redhat:multicluster_engine:2.7::el9", "package" : "multicluster-engine/console-mce-rhel9:sha256:2efa3dbf99e5be1f8eb4f169f5f2229b338fdf2d2c72b9c0b0da9392e612cc5f" }, { "product_name" : "Network Observability (NETOBSERV) 1.11.1", "release_date" : "2026-04-02T00:00:00Z", "advisory" : "RHSA-2026:6428", "cpe" : "cpe:/a:redhat:network_observ_optr:1.11::el9", "package" : "network-observability/network-observability-console-plugin-compat-rhel9:sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4" }, { "product_name" : "Network Observability (NETOBSERV) 1.11.1", "release_date" : "2026-04-02T00:00:00Z", "advisory" : "RHSA-2026:6428", "cpe" : "cpe:/a:redhat:network_observ_optr:1.11::el9", "package" : "network-observability/network-observability-console-plugin-rhel9:sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12", "release_date" : "2026-03-24T00:00:00Z", "advisory" : "RHSA-2026:5633", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "rhacm2/console-rhel9:sha256:0d6238ef864831d455a4a4b86d860469443079f6dcd26ce3b4fe546800565844" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5", "release_date" : "2026-03-31T00:00:00Z", "advisory" : "RHSA-2026:6308", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "ansible-automation-platform-25/lightspeed-rhel8:sha256:0682e9e4bc9ad2b2b564fa2fa8b022e46729b27e26ec7b14ed2f1fae3e52a0d1" }, { "product_name" : "Red Hat Ansible Automation Platform 2.6", "release_date" : "2026-03-31T00:00:00Z", "advisory" : "RHSA-2026:6309", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.6::el9", "package" : "ansible-automation-platform-26/gateway-rhel9:sha256:01fd1e73fd125672778315487a4aa0ae13b7aac2b386d70facd7439d23ee0219" }, { "product_name" : "Red Hat Ansible Automation Platform 2.6", "release_date" : "2026-03-31T00:00:00Z", "advisory" : "RHSA-2026:6309", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.6::el9", "package" : "ansible-automation-platform-26/lightspeed-rhel9:sha256:293b2d26b9a82fa6a55dafb4c594287838cae765c358f3bdfea5b89d83f0391e" }, { "product_name" : "Red Hat Ansible Automation Platform 2.6", "release_date" : "2026-04-01T00:00:00Z", "advisory" : "RHSA-2026:6404", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.6::el9", "package" : "ansible-automation-platform-26/gateway-rhel9:sha256:01fd1e73fd125672778315487a4aa0ae13b7aac2b386d70facd7439d23ee0219" }, { "product_name" : "Red Hat Ansible Automation Platform 2.6", "release_date" : "2026-04-01T00:00:00Z", "advisory" : "RHSA-2026:6404", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.6::el9", "package" : "ansible-automation-platform-26/lightspeed-rhel9:sha256:293b2d26b9a82fa6a55dafb4c594287838cae765c358f3bdfea5b89d83f0391e" }, { "product_name" : "Red Hat Developer Hub 1.8", "release_date" : "2026-03-30T00:00:00Z", "advisory" : "RHSA-2026:6174", "cpe" : "cpe:/a:redhat:rhdh:1.8::el9", "package" : "rhdh/rhdh-hub-rhel9:sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046" }, { "product_name" : "Red Hat Developer Hub 1.9", "release_date" : "2026-04-07T00:00:00Z", "advisory" : "RHSA-2026:6802", "cpe" : "cpe:/a:redhat:rhdh:1.9::el9", "package" : "rhdh/rhdh-hub-rhel9:sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d" }, { "product_name" : "Red Hat Discovery 2", "release_date" : "2026-02-12T00:00:00Z", "advisory" : "RHSA-2026:2694", "cpe" : "cpe:/a:redhat:discovery:2::el9", "package" : "discovery/discovery-ui-rhel9:sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4" }, { "product_name" : "Red Hat OpenShift AI 2.16", "release_date" : "2026-03-25T00:00:00Z", "advisory" : "RHSA-2026:5807", "cpe" : "cpe:/a:redhat:openshift_ai:2.16::el8", "package" : "rhoai/odh-dashboard-rhel8:sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2026-03-25T00:00:00Z", "advisory" : "RHSA-2026:5142", "cpe" : "cpe:/a:redhat:openshift:4.20::el9", "package" : "openshift4/ose-monitoring-plugin-rhel9:sha256:58f80f5145dc8e26cad376643dc01b4906f554c692cb6549ff75ac6d6651c4d5" }, { "product_name" : "Red Hat OpenShift Container Platform 4.21", "release_date" : "2026-03-24T00:00:00Z", "advisory" : "RHSA-2026:5174", "cpe" : "cpe:/a:redhat:openshift:4.21::el9", "package" : "openshift4/ose-monitoring-plugin-rhel9:sha256:0932593cd3bb6cd2e2b9ecad5e3bbe2fdcd107785ab3f8b25596f4901d8ae33a" }, { "product_name" : "Red Hat OpenShift Dev Spaces 3.27", "release_date" : "2026-03-30T00:00:00Z", "advisory" : "RHSA-2026:6192", "cpe" : "cpe:/a:redhat:openshift_devspaces:3.27::el9", "package" : "devspaces/code-rhel9:sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719" }, { "product_name" : "Red Hat OpenShift Dev Spaces 3.27", "release_date" : "2026-03-30T00:00:00Z", "advisory" : "RHSA-2026:6192", "cpe" : "cpe:/a:redhat:openshift_devspaces:3.27::el9", "package" : "devspaces/dashboard-rhel9:sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda" }, { "product_name" : "Red Hat OpenShift Dev Spaces 3.27", "release_date" : "2026-03-30T00:00:00Z", "advisory" : "RHSA-2026:6192", "cpe" : "cpe:/a:redhat:openshift_devspaces:3.27::el9", "package" : "devspaces/traefik-rhel9:sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a" }, { "product_name" : "Red Hat OpenShift Pipelines 1.21", "release_date" : "2026-03-30T00:00:00Z", "advisory" : "RHSA-2026:6170", "cpe" : "cpe:/a:redhat:openshift_pipelines:1.21::el9", "package" : "openshift-pipelines/pipelines-operator-bundle:sha256:6585794d76cffb3f87fc7eacb905f0dd5f02476f717c911f2c0faf7c4081a080" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.6", "release_date" : "2026-02-23T00:00:00Z", "advisory" : "RHSA-2026:3107", "cpe" : "cpe:/a:redhat:service_mesh:2.6::el8", "package" : "openshift-service-mesh/kiali-ossmc-rhel8:sha256:3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.6", "release_date" : "2026-02-23T00:00:00Z", "advisory" : "RHSA-2026:3107", "cpe" : "cpe:/a:redhat:service_mesh:2.6::el8", "package" : "openshift-service-mesh/kiali-rhel8:sha256:148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36" }, { "product_name" : "Red Hat OpenShift Service Mesh 3", "release_date" : "2026-02-23T00:00:00Z", "advisory" : "RHSA-2026:3106", "cpe" : "cpe:/a:redhat:service_mesh:3.0::el9", "package" : "openshift-service-mesh/kiali-ossmc-rhel9:sha256:04b9efc9b9d4399cddc620cadbc4aa47636e8e90a8af43f8a28205736db82bbe" }, { "product_name" : "Red Hat OpenShift Service Mesh 3", "release_date" : "2026-02-23T00:00:00Z", "advisory" : "RHSA-2026:3106", "cpe" : "cpe:/a:redhat:service_mesh:3.0::el9", "package" : "openshift-service-mesh/kiali-rhel9:sha256:6cb5db65d47da4e5761ae6c7b73b1c1fd889195e7021569ca41a30f91bbba375" }, { "product_name" : "Red Hat OpenShift Service Mesh 3.1", "release_date" : "2026-02-23T00:00:00Z", "advisory" : "RHSA-2026:3105", "cpe" : "cpe:/a:redhat:service_mesh:3.1::el9", "package" : "openshift-service-mesh/kiali-ossmc-rhel9:sha256:3a12696cddcbd01b02ae332b4f73316808680c5bfa56e3597817e997f8355ba7" }, { "product_name" : "Red Hat OpenShift Service Mesh 3.1", "release_date" : "2026-02-23T00:00:00Z", "advisory" : "RHSA-2026:3105", "cpe" : "cpe:/a:redhat:service_mesh:3.1::el9", "package" : "openshift-service-mesh/kiali-rhel9:sha256:11766a5adbc2780b7620d69cf14cfda2d44bf27ecd5e56696e97491c0152f4af" }, { "product_name" : "Red Hat OpenShift Service Mesh 3.2", "release_date" : "2026-02-23T00:00:00Z", "advisory" : "RHSA-2026:3109", "cpe" : "cpe:/a:redhat:service_mesh:3.2::el9", "package" : "openshift-service-mesh/kiali-ossmc-rhel9:sha256:078ecde6a72a12099911e201456d8ffd09b4c21796b6c54fa8295600a974790c" }, { "product_name" : "Red Hat OpenShift Service Mesh 3.2", "release_date" : "2026-02-23T00:00:00Z", "advisory" : "RHSA-2026:3109", "cpe" : "cpe:/a:redhat:service_mesh:3.2::el9", "package" : "openshift-service-mesh/kiali-rhel9:sha256:250cf403e11be8c7ed06e4660e8ed07c0a3b1d86d720735629fc28794d656ea2" }, { "product_name" : "Red Hat Quay 3.1", "release_date" : "2026-03-24T00:00:00Z", "advisory" : "RHSA-2026:5665", "cpe" : "cpe:/a:redhat:quay:3.10::el8", "package" : "quay/quay-rhel8:sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e" }, { "product_name" : "Red Hat Quay 3.12", "release_date" : "2026-03-18T00:00:00Z", "advisory" : "RHSA-2026:4942", "cpe" : "cpe:/a:redhat:quay:3.12::el8", "package" : "quay/quay-rhel8:sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f" }, { "product_name" : "Red Hat Quay 3.15", "release_date" : "2026-04-03T00:00:00Z", "advisory" : "RHSA-2026:6568", "cpe" : "cpe:/a:redhat:quay:3.15::el8", "package" : "quay/quay-rhel8:sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b" }, { "product_name" : "Red Hat Quay 3.16", "release_date" : "2026-04-02T00:00:00Z", "advisory" : "RHSA-2026:6497", "cpe" : "cpe:/a:redhat:quay:3.16::el9", "package" : "quay/quay-rhel9:sha256:0bc25ef16eabd14562b5c15b2f242558ace42865d416820420d669436d9d71ae" }, { "product_name" : "Red Hat Quay 3.16", "release_date" : "2026-04-03T00:00:00Z", "advisory" : "RHSA-2026:6567", "cpe" : "cpe:/a:redhat:quay:3.16::el9", "package" : "quay/quay-rhel9:sha256:5937639bb3bc4fd76c1dfa9d1550f8ab955a5d12b44794c076d127a5ba4d68a4" }, { "product_name" : "Red Hat Quay 3.9", "release_date" : "2026-03-19T00:00:00Z", "advisory" : "RHSA-2026:5168", "cpe" : "cpe:/a:redhat:quay:3.9::el8", "package" : "quay/quay-rhel8:sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad" }, { "product_name" : "Red Hat Trusted Artifact Signer 1.3", "release_date" : "2026-02-23T00:00:00Z", "advisory" : "RHSA-2026:3087", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1.3::el9", "package" : "rhtas/rhtas-console-ui-rhel9:sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e" } ], "package_state" : [ { "product_name" : "Cryostat 4", "fix_state" : "Not affected", "package_name" : "io.cryostat-cryostat", "cpe" : "cpe:/a:redhat:cryostat:4" }, { "product_name" : "Gatekeeper 3", "fix_state" : "Not affected", "package_name" : "gatekeeper/gatekeeper-rhel9", "cpe" : "cpe:/a:redhat:gatekeeper:3" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Will not fix", "package_name" : "openshift-logging/elasticsearch6-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Will not fix", "package_name" : "openshift-logging/elasticsearch-operator-bundle", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Will not fix", "package_name" : "openshift-logging/elasticsearch-proxy-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Will not fix", "package_name" : "openshift-logging/elasticsearch-rhel9-operator", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Will not fix", "package_name" : "openshift-logging/kibana6-rhel8", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Will not fix", "package_name" : "openshift-logging/logging-curator5-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Migration Toolkit for Applications 8", "fix_state" : "Affected", "package_name" : "mta/mta-ui-rhel9", "cpe" : "cpe:/a:redhat:migration_toolkit_applications:8" }, { "product_name" : "Migration Toolkit for Containers", "fix_state" : "Affected", "package_name" : "rhmtc/openshift-migration-ui-rhel8", "cpe" : "cpe:/a:redhat:rhmt:1" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Will not fix", "package_name" : "openshift-pipelines/pipelines-hub-api-rhel8", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Will not fix", "package_name" : "openshift-pipelines/pipelines-hub-db-migration-rhel8", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Affected", "package_name" : "openshift-pipelines/pipelines-hub-ui-rhel9", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Not affected", "package_name" : "openshift-service-mesh/kiali-operator-bundle", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Not affected", "package_name" : "openshift-service-mesh/kiali-rhel9-operator", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Will not fix", "package_name" : "3scale-amp20/system", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Will not fix", "package_name" : "3scale-amp21/system", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Will not fix", "package_name" : "3scale-amp22/system", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Will not fix", "package_name" : "3scale-amp24/system", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Will not fix", "package_name" : "3scale-amp25/system", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Will not fix", "package_name" : "3scale-amp26/system", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Will not fix", "package_name" : "3scale-amp2/system-rhel7", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Affected", "package_name" : "3scale-amp2/system-rhel8", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Affected", "package_name" : "3scale-amp2/system-rhel9", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Affected", "package_name" : "advanced-cluster-security/rhacs-main-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Affected", "package_name" : "ansible-automation-platform/automation-dashboard-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Affected", "package_name" : "ansible-automation-platform-tech-preview/automation-dashboard-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "automation-controller", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "automation-gateway", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "automation-hub", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "python3.11-galaxy-ng", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "python3x-galaxy-ng", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "python-galaxy-ng", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat build of Apache Camel - HawtIO 4", "fix_state" : "Not affected", "package_name" : "io.hawt-project", "cpe" : "cpe:/a:redhat:apache_camel_hawtio:4" }, { "product_name" : "Red Hat build of Apicurio Registry 2", "fix_state" : "Affected", "package_name" : "io.apicurio-apicurio-registry", "cpe" : "cpe:/a:redhat:service_registry:2" }, { "product_name" : "Red Hat Build of Kueue", "fix_state" : "Not affected", "package_name" : "kueue/kueue-must-gather-rhel9", "cpe" : "cpe:/a:redhat:kueue_operator:1" }, { "product_name" : "Red Hat Build of Kueue", "fix_state" : "Not affected", "package_name" : "kueue/kueue-operator-bundle", "cpe" : "cpe:/a:redhat:kueue_operator:1" }, { "product_name" : "Red Hat Build of Kueue", "fix_state" : "Not affected", "package_name" : "kueue/kueue-rhel9", "cpe" : "cpe:/a:redhat:kueue_operator:1" }, { "product_name" : "Red Hat Build of Kueue", "fix_state" : "Not affected", "package_name" : "kueue/kueue-rhel9-operator", "cpe" : "cpe:/a:redhat:kueue_operator:1" }, { "product_name" : "Red Hat Build of Podman Desktop - Tech Preview", "fix_state" : "Affected", "package_name" : "rhdesktop/rh-podman-desktop-ext-openshift-local-rhel10", "cpe" : "cpe:/a:redhat:podman_desktop:0" }, { "product_name" : "Red Hat Data Grid 8", "fix_state" : "Will not fix", "package_name" : "org.infinispan-infinispan-console", "cpe" : "cpe:/a:redhat:jboss_data_grid:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "grafana", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "grafana", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3", "fix_state" : "Affected", "package_name" : "rhelai3/bootc-cuda-rhel9", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3", "fix_state" : "Affected", "package_name" : "rhelai3/disk-image-cuda-rhel9", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3" }, { "product_name" : "Red Hat Fuse 7", "fix_state" : "Will not fix", "package_name" : "io.apicurio-apicurito", "cpe" : "cpe:/a:redhat:jboss_fuse:7" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-dashboard-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "rhoai/odh-kf-notebook-controller-rhel8", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-mod-arch-gen-ai-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-mod-arch-model-registry-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "rhoai/odh-notebook-controller-rhel8", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/ose-agent-installer-ui-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/ose-console", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/ose-console-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Not affected", "package_name" : "devspaces/code-sshd-rhel9", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Affected", "package_name" : "container-native-virtualization/kubevirt-console-plugin", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Affected", "package_name" : "container-native-virtualization/kubevirt-console-plugin-rhel9", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat Process Automation 7", "fix_state" : "Not affected", "package_name" : "org.kie-process-migration-service", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Affected", "package_name" : "satellite/iop-advisor-frontend-rhel9", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Affected", "package_name" : "satellite/iop-host-inventory-frontend-rhel9", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Affected", "package_name" : "satellite/iop-vulnerability-frontend-rhel9", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Trusted Artifact Signer", "fix_state" : "Not affected", "package_name" : "rhtas/createtree-rhel9", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1" }, { "product_name" : "Red Hat Trusted Artifact Signer", "fix_state" : "Not affected", "package_name" : "rhtas/trillian-database-rhel9", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1" }, { "product_name" : "Red Hat Trusted Artifact Signer", "fix_state" : "Not affected", "package_name" : "rhtas/trillian-logserver-rhel9", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1" }, { "product_name" : "Red Hat Trusted Artifact Signer", "fix_state" : "Not affected", "package_name" : "rhtas/trillian-logsigner-rhel9", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1" }, { "product_name" : "Red Hat Trusted Artifact Signer", "fix_state" : "Not affected", "package_name" : "rhtas/trillian-redis-rhel9", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1" }, { "product_name" : "Red Hat Trusted Artifact Signer", "fix_state" : "Not affected", "package_name" : "rhtas/updatetree-rhel9", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1" }, { "product_name" : "Red Hat Trusted Profile Analyzer", "fix_state" : "Affected", "package_name" : "rhtpa/rhtpa-trustification-service-rhel9", "cpe" : "cpe:/a:redhat:trusted_profile_analyzer:2" }, { "product_name" : "Self-service automation portal 2", "fix_state" : "Affected", "package_name" : "ansible-automation-platform/automation-portal", "cpe" : "cpe:/a:redhat:ansible_portal:2" }, { "product_name" : "streams for Apache Kafka 2", "fix_state" : "Affected", "package_name" : "com.github.streamshub-console", "cpe" : "cpe:/a:redhat:amq_streams:2" }, { "product_name" : "streams for Apache Kafka 3", "fix_state" : "Affected", "package_name" : "com.github.streamshub-console", "cpe" : "cpe:/a:redhat:amq_streams:3" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-25639\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-25639\nhttps://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57\nhttps://github.com/axios/axios/releases/tag/v1.13.5\nhttps://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433" ], "name" : "CVE-2026-25639", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }