{
  "threat_severity" : "Moderate",
  "public_date" : "2026-05-24T05:30:09Z",
  "bugzilla" : {
    "description" : "postcss-selector-parser: Postcss: Denial of Service via uncontrolled recursion in AST Serialization",
    "id" : "2481006",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2481006"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-674",
  "details" : [ "A vulnerability was determined in postcss-selector-parser up to 6.1.2/7.1.2. Affected is the function toString of the file src/selectors/container.js of the component AST Serialization. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 6.1.3 and 7.1.3 is able to address this issue. This patch is called 5bc698cef66f8abd12610dc623e5d67cbc0f869d. It is suggested to upgrade the affected component. The vendor explains, that according to his definition \"DoS on server-side on user-generated CSS is low risk for us (since most users compile own CSS with PostCSS).\" The commits were backported to 6.x branch, which was the most downloaded version.", "A flaw was found in postcss. A remote attacker could exploit a vulnerability in the `toString` function of the AST Serialization component by executing a manipulation, leading to uncontrolled recursion. This uncontrolled recursion can result in a Denial of Service (DoS) condition, making the affected system unavailable." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Hardened Images",
    "release_date" : "2026-06-03T00:00:00Z",
    "advisory" : "RHSA-2026:22934",
    "cpe" : "cpe:/a:redhat:hummingbird:1",
    "package" : "rust-main-1.96.0-1.hum1"
  } ],
  "package_state" : [ {
    "product_name" : "Cryostat 4",
    "fix_state" : "Fix deferred",
    "package_name" : "cryostat-openshift-console-plugin-npm",
    "cpe" : "cpe:/a:redhat:cryostat:4"
  }, {
    "product_name" : "Cryostat 4",
    "fix_state" : "Fix deferred",
    "package_name" : "postcss",
    "cpe" : "cpe:/a:redhat:cryostat:4"
  }, {
    "product_name" : "Cryostat 4",
    "fix_state" : "Fix deferred",
    "package_name" : "postcss-selector-parser",
    "cpe" : "cpe:/a:redhat:cryostat:4"
  }, {
    "product_name" : "Exploit Intelligence",
    "fix_state" : "Fix deferred",
    "package_name" : "exploit-intelligence-tech-preview/vulnerability-analysis-rhel9",
    "cpe" : "cpe:/a:redhat:exploit_intelligence:0"
  }, {
    "product_name" : "Gatekeeper 3",
    "fix_state" : "Fix deferred",
    "package_name" : "gatekeeper/gatekeeper-rhel9",
    "cpe" : "cpe:/a:redhat:gatekeeper:3"
  }, {
    "product_name" : "Migration Toolkit for Containers",
    "fix_state" : "Fix deferred",
    "package_name" : "rhmtc/openshift-migration-ui-rhel8",
    "cpe" : "cpe:/a:redhat:rhmt:1"
  }, {
    "product_name" : "Multicluster Engine for Kubernetes",
    "fix_state" : "Fix deferred",
    "package_name" : "multicluster-engine/console-mce-rhel9",
    "cpe" : "cpe:/a:redhat:multicluster_engine"
  }, {
    "product_name" : "Network Observability Operator",
    "fix_state" : "Fix deferred",
    "package_name" : "network-observability/network-observability-console-plugin-rhel9",
    "cpe" : "cpe:/a:redhat:network_observ_optr:1"
  }, {
    "product_name" : "Node HealthCheck Operator",
    "fix_state" : "Fix deferred",
    "package_name" : "workload-availability/node-healthcheck-must-gather-rhel9",
    "cpe" : "cpe:/a:redhat:workload_availability_nhc:0"
  }, {
    "product_name" : "Node HealthCheck Operator",
    "fix_state" : "Fix deferred",
    "package_name" : "workload-availability/node-healthcheck-operator-bundle",
    "cpe" : "cpe:/a:redhat:workload_availability_nhc:0"
  }, {
    "product_name" : "Node HealthCheck Operator",
    "fix_state" : "Fix deferred",
    "package_name" : "workload-availability/node-healthcheck-rhel9-operator",
    "cpe" : "cpe:/a:redhat:workload_availability_nhc:0"
  }, {
    "product_name" : "OpenShift Lightspeed",
    "fix_state" : "Fix deferred",
    "package_name" : "openshift-lightspeed/lightspeed-console-plugin-419-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_lightspeed"
  }, {
    "product_name" : "OpenShift Lightspeed",
    "fix_state" : "Fix deferred",
    "package_name" : "openshift-lightspeed/lightspeed-console-plugin-pf5-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_lightspeed"
  }, {
    "product_name" : "OpenShift Lightspeed",
    "fix_state" : "Fix deferred",
    "package_name" : "openshift-lightspeed/lightspeed-console-plugin-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_lightspeed"
  }, {
    "product_name" : "OpenShift Pipelines",
    "fix_state" : "Fix deferred",
    "package_name" : "openshift-pipelines/pipelines-console-plugin-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_pipelines:1"
  }, {
    "product_name" : "OpenShift Pipelines",
    "fix_state" : "Fix deferred",
    "package_name" : "openshift-pipelines/pipelines-console-plugin-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_pipelines:1"
  }, {
    "product_name" : "OpenShift Pipelines",
    "fix_state" : "Fix deferred",
    "package_name" : "openshift-pipelines/pipelines-hub-ui-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_pipelines:1"
  }, {
    "product_name" : "OpenShift Pipelines",
    "fix_state" : "Fix deferred",
    "package_name" : "openshift-pipelines/pipelines-hub-ui-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_pipelines:1"
  }, {
    "product_name" : "OpenShift Service Mesh 2",
    "fix_state" : "Fix deferred",
    "package_name" : "openshift-service-mesh/kiali-ossmc-rhel8",
    "cpe" : "cpe:/a:redhat:service_mesh:2"
  }, {
    "product_name" : "OpenShift Service Mesh 2",
    "fix_state" : "Fix deferred",
    "package_name" : "openshift-service-mesh/kiali-rhel8",
    "cpe" : "cpe:/a:redhat:service_mesh:2"
  }, {
    "product_name" : "OpenShift Service Mesh 3",
    "fix_state" : "Fix deferred",
    "package_name" : "openshift-service-mesh/kiali-operator-bundle",
    "cpe" : "cpe:/a:redhat:service_mesh:3"
  }, {
    "product_name" : "OpenShift Service Mesh 3",
    "fix_state" : "Fix deferred",
    "package_name" : "openshift-service-mesh/kiali-ossmc-rhel9",
    "cpe" : "cpe:/a:redhat:service_mesh:3"
  }, {
    "product_name" : "OpenShift Service Mesh 3",
    "fix_state" : "Fix deferred",
    "package_name" : "openshift-service-mesh/kiali-rhel9",
    "cpe" : "cpe:/a:redhat:service_mesh:3"
  }, {
    "product_name" : "OpenShift Service Mesh 3",
    "fix_state" : "Fix deferred",
    "package_name" : "openshift-service-mesh/kiali-rhel9-operator",
    "cpe" : "cpe:/a:redhat:service_mesh:3"
  }, {
    "product_name" : "Red Hat 3scale API Management Platform 2",
    "fix_state" : "Fix deferred",
    "package_name" : "3scale-amp21/system",
    "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2"
  }, {
    "product_name" : "Red Hat 3scale API Management Platform 2",
    "fix_state" : "Fix deferred",
    "package_name" : "3scale-amp22/system",
    "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2"
  }, {
    "product_name" : "Red Hat 3scale API Management Platform 2",
    "fix_state" : "Fix deferred",
    "package_name" : "3scale-amp2/system-rhel7",
    "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2"
  }, {
    "product_name" : "Red Hat 3scale API Management Platform 2",
    "fix_state" : "Fix deferred",
    "package_name" : "3scale-amp2/system-rhel8",
    "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2"
  }, {
    "product_name" : "Red Hat 3scale API Management Platform 2",
    "fix_state" : "Fix deferred",
    "package_name" : "3scale-amp2/system-rhel9",
    "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2"
  }, {
    "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2",
    "fix_state" : "Fix deferred",
    "package_name" : "rhacm2/console-rhel9",
    "cpe" : "cpe:/a:redhat:acm:2"
  }, {
    "product_name" : "Red Hat AMQ Broker 7",
    "fix_state" : "Fix deferred",
    "package_name" : "postcss",
    "cpe" : "cpe:/a:redhat:amq_broker:7"
  }, {
    "product_name" : "Red Hat AMQ Broker 7",
    "fix_state" : "Fix deferred",
    "package_name" : "postcss-selector-parser",
    "cpe" : "cpe:/a:redhat:amq_broker:7"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Fix deferred",
    "package_name" : "ansible-automation-platform-26/gateway-rhel9",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Fix deferred",
    "package_name" : "ansible-automation-platform-27/gateway-rhel9",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Fix deferred",
    "package_name" : "automation-eda-controller",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Fix deferred",
    "package_name" : "automation-gateway",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Fix deferred",
    "package_name" : "automation-platform-ui",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat build of Apache Camel for Spring Boot 4",
    "fix_state" : "Fix deferred",
    "package_name" : "postcss",
    "cpe" : "cpe:/a:redhat:camel_spring_boot:4"
  }, {
    "product_name" : "Red Hat build of Apache Camel for Spring Boot 4",
    "fix_state" : "Fix deferred",
    "package_name" : "postcss-selector-parser",
    "cpe" : "cpe:/a:redhat:camel_spring_boot:4"
  }, {
    "product_name" : "Red Hat build of Apache Camel - HawtIO 4",
    "fix_state" : "Fix deferred",
    "package_name" : "postcss",
    "cpe" : "cpe:/a:redhat:apache_camel_hawtio:4"
  }, {
    "product_name" : "Red Hat build of Apache Camel - HawtIO 4",
    "fix_state" : "Fix deferred",
    "package_name" : "postcss-selector-parser",
    "cpe" : "cpe:/a:redhat:apache_camel_hawtio:4"
  }, {
    "product_name" : "Red Hat build of Apicurio Registry 2",
    "fix_state" : "Fix deferred",
    "package_name" : "postcss",
    "cpe" : "cpe:/a:redhat:service_registry:2"
  }, {
    "product_name" : "Red Hat build of Apicurio Registry 3",
    "fix_state" : "Fix deferred",
    "package_name" : "apicurio/apicurio-registry-ui-rhel8",
    "cpe" : "cpe:/a:redhat:apicurio_registry:3"
  }, {
    "product_name" : "Red Hat build of Apicurio Registry 3",
    "fix_state" : "Fix deferred",
    "package_name" : "apicurio/apicurio-registry-ui-rhel9",
    "cpe" : "cpe:/a:redhat:apicurio_registry:3"
  }, {
    "product_name" : "Red Hat Build of Keycloak",
    "fix_state" : "Fix deferred",
    "package_name" : "postcss",
    "cpe" : "cpe:/a:redhat:build_keycloak:"
  }, {
    "product_name" : "Red Hat Build of Podman Desktop",
    "fix_state" : "Fix deferred",
    "package_name" : "rh-podman-desktop.git",
    "cpe" : "cpe:/a:redhat:podman_desktop:1"
  }, {
    "product_name" : "Red Hat Build of Podman Desktop - Tech Preview",
    "fix_state" : "Fix deferred",
    "package_name" : "rhdesktop/rh-podman-desktop-ext-bootc-rhel10",
    "cpe" : "cpe:/a:redhat:podman_desktop:0"
  }, {
    "product_name" : "Red Hat Build of Podman Desktop - Tech Preview",
    "fix_state" : "Fix deferred",
    "package_name" : "rhdesktop/rh-podman-desktop-ext-openshift-local-rhel10",
    "cpe" : "cpe:/a:redhat:podman_desktop:0"
  }, {
    "product_name" : "Red Hat Build of Podman Desktop - Tech Preview",
    "fix_state" : "Fix deferred",
    "package_name" : "rhdesktop/rh-podman-desktop-ext-redhat-account-rhel10",
    "cpe" : "cpe:/a:redhat:podman_desktop:0"
  }, {
    "product_name" : "Red Hat Build of Podman Desktop - Tech Preview",
    "fix_state" : "Fix deferred",
    "package_name" : "rhdesktop/rh-podman-desktop-ext-rhel-rhel10",
    "cpe" : "cpe:/a:redhat:podman_desktop:0"
  }, {
    "product_name" : "Red Hat Build of Podman Desktop - Tech Preview",
    "fix_state" : "Fix deferred",
    "package_name" : "rhdesktop/rh-podman-desktop-ext-sandbox-rhel10",
    "cpe" : "cpe:/a:redhat:podman_desktop:0"
  }, {
    "product_name" : "Red Hat Connectivity Link 1",
    "fix_state" : "Fix deferred",
    "package_name" : "rhcl-1/rhcl-console-plugin-rhel9",
    "cpe" : "cpe:/a:redhat:connectivity_link:1"
  }, {
    "product_name" : "Red Hat Data Grid 8",
    "fix_state" : "Fix deferred",
    "package_name" : "postcss",
    "cpe" : "cpe:/a:redhat:jboss_data_grid:8"
  }, {
    "product_name" : "Red Hat Data Grid 8",
    "fix_state" : "Fix deferred",
    "package_name" : "postcss-selector-parser",
    "cpe" : "cpe:/a:redhat:jboss_data_grid:8"
  }, {
    "product_name" : "Red Hat Developer Hub",
    "fix_state" : "Fix deferred",
    "package_name" : "rhdh/rhdh-hub-rhel9",
    "cpe" : "cpe:/a:redhat:rhdh:1"
  }, {
    "product_name" : "Red Hat Discovery 2",
    "fix_state" : "Fix deferred",
    "package_name" : "discovery/discovery-ui-rhel9",
    "cpe" : "cpe:/a:redhat:discovery:2::el9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "firefox",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "goose",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "grafana",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "nodejs22",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "nodejs24",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "thunderbird",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "firefox",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "subscription-manager",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "dotnet5.0-build-reference-packages",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "firefox",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "grafana",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "grafana-pcp",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "mozjs60",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "nodejs",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "pcs",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "subscription-manager",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "thunderbird",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "firefox",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "gjs",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "goose",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "grafana",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "nodejs:22/nodejs",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "nodejs:24/nodejs",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "pcs",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "thunderbird",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3",
    "fix_state" : "Fix deferred",
    "package_name" : "rhelai3/bootc-cuda-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3",
    "fix_state" : "Fix deferred",
    "package_name" : "rhelai3/bootc-gaudi-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3",
    "fix_state" : "Fix deferred",
    "package_name" : "rhelai3/bootc-rocm-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3",
    "fix_state" : "Fix deferred",
    "package_name" : "rhelai3/disk-image-cuda-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3"
  }, {
    "product_name" : "Red Hat Fuse 7",
    "fix_state" : "Fix deferred",
    "package_name" : "postcss",
    "cpe" : "cpe:/a:redhat:jboss_fuse:7"
  }, {
    "product_name" : "Red Hat Fuse 7",
    "fix_state" : "Fix deferred",
    "package_name" : "postcss-selector-parser",
    "cpe" : "cpe:/a:redhat:jboss_fuse:7"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 7",
    "fix_state" : "Fix deferred",
    "package_name" : "postcss",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 7",
    "fix_state" : "Fix deferred",
    "package_name" : "postcss-selector-parser",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 8",
    "fix_state" : "Fix deferred",
    "package_name" : "postcss",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform Expansion Pack",
    "fix_state" : "Fix deferred",
    "package_name" : "postcss",
    "cpe" : "cpe:/a:redhat:jbosseapxp"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Fix deferred",
    "package_name" : "rhoai/odh-mlflow-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Fix deferred",
    "package_name" : "openshift3/ose-console",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Fix deferred",
    "package_name" : "openshift4/ose-agent-installer-ui-rhel9",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Fix deferred",
    "package_name" : "openshift4/ose-console",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Fix deferred",
    "package_name" : "openshift4/ose-console-rhel9",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat Openshift Data Foundation 4",
    "fix_state" : "Fix deferred",
    "package_name" : "odf4/ocs-client-console-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4"
  }, {
    "product_name" : "Red Hat Openshift Data Foundation 4",
    "fix_state" : "Fix deferred",
    "package_name" : "odf4/odf-console-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4"
  }, {
    "product_name" : "Red Hat Openshift Data Foundation 4",
    "fix_state" : "Fix deferred",
    "package_name" : "odf4/odf-console-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4"
  }, {
    "product_name" : "Red Hat Openshift Data Foundation 4",
    "fix_state" : "Fix deferred",
    "package_name" : "odf4/odf-multicluster-console-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4"
  }, {
    "product_name" : "Red Hat Openshift Data Foundation 4",
    "fix_state" : "Fix deferred",
    "package_name" : "odf4/odf-multicluster-console-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4"
  }, {
    "product_name" : "Red Hat OpenShift Dev Spaces",
    "fix_state" : "Fix deferred",
    "package_name" : "devspaces/dashboard-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_devspaces:3"
  }, {
    "product_name" : "Red Hat OpenShift Dev Spaces",
    "fix_state" : "Fix deferred",
    "package_name" : "devspaces/openvsx-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_devspaces:3"
  }, {
    "product_name" : "Red Hat OpenShift Virtualization 4",
    "fix_state" : "Fix deferred",
    "package_name" : "container-native-virtualization/kubevirt-console-plugin",
    "cpe" : "cpe:/a:redhat:container_native_virtualization:4"
  }, {
    "product_name" : "Red Hat OpenShift Virtualization 4",
    "fix_state" : "Fix deferred",
    "package_name" : "container-native-virtualization/kubevirt-console-plugin-rhel9",
    "cpe" : "cpe:/a:redhat:container_native_virtualization:4"
  }, {
    "product_name" : "Red Hat Process Automation 7",
    "fix_state" : "Fix deferred",
    "package_name" : "postcss",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
  }, {
    "product_name" : "Red Hat Quay 3",
    "fix_state" : "Fix deferred",
    "package_name" : "quay/quay-rhel8",
    "cpe" : "cpe:/a:redhat:quay:3"
  }, {
    "product_name" : "Red Hat Quay 3",
    "fix_state" : "Fix deferred",
    "package_name" : "quay/quay-rhel9",
    "cpe" : "cpe:/a:redhat:quay:3"
  }, {
    "product_name" : "Red Hat Satellite 6",
    "fix_state" : "Fix deferred",
    "package_name" : "nodejs-css-loader",
    "cpe" : "cpe:/a:redhat:satellite:6"
  }, {
    "product_name" : "Red Hat Satellite 6",
    "fix_state" : "Fix deferred",
    "package_name" : "nodejs-sanitize-html",
    "cpe" : "cpe:/a:redhat:satellite:6"
  }, {
    "product_name" : "Red Hat Satellite 6",
    "fix_state" : "Fix deferred",
    "package_name" : "satellite/iop-advisor-frontend-rhel9",
    "cpe" : "cpe:/a:redhat:satellite:6"
  }, {
    "product_name" : "Red Hat Satellite 6",
    "fix_state" : "Fix deferred",
    "package_name" : "satellite/iop-host-inventory-frontend-rhel9",
    "cpe" : "cpe:/a:redhat:satellite:6"
  }, {
    "product_name" : "Red Hat Satellite 6",
    "fix_state" : "Fix deferred",
    "package_name" : "satellite/iop-remediations-rhel9",
    "cpe" : "cpe:/a:redhat:satellite:6"
  }, {
    "product_name" : "Red Hat Satellite 6",
    "fix_state" : "Fix deferred",
    "package_name" : "satellite/iop-vulnerability-frontend-rhel9",
    "cpe" : "cpe:/a:redhat:satellite:6"
  }, {
    "product_name" : "Red Hat Single Sign-On 7",
    "fix_state" : "Fix deferred",
    "package_name" : "postcss",
    "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7"
  }, {
    "product_name" : "Red Hat Single Sign-On 7",
    "fix_state" : "Fix deferred",
    "package_name" : "postcss-selector-parser",
    "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7"
  }, {
    "product_name" : "Red Hat Trusted Artifact Signer",
    "fix_state" : "Fix deferred",
    "package_name" : "rhtas/rekor-search-ui-rhel9",
    "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1"
  }, {
    "product_name" : "Self-service automation portal 2",
    "fix_state" : "Fix deferred",
    "package_name" : "ansible-automation-platform/automation-portal",
    "cpe" : "cpe:/a:redhat:ansible_portal:2"
  }, {
    "product_name" : "streams for Apache Kafka 2",
    "fix_state" : "Fix deferred",
    "package_name" : "postcss",
    "cpe" : "cpe:/a:redhat:amq_streams:2"
  }, {
    "product_name" : "streams for Apache Kafka 3",
    "fix_state" : "Fix deferred",
    "package_name" : "postcss",
    "cpe" : "cpe:/a:redhat:amq_streams:3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-9358\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-9358\nhttps://gist.github.com/bx33661/581e3a38134601c04e19b4dfc9b459b9\nhttps://vuldb.com/submit/813080\nhttps://vuldb.com/vuln/365321\nhttps://vuldb.com/vuln/365321/cti" ],
  "name" : "CVE-2026-9358",
  "csaw" : false
}