{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2026-39821", "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "state": "PUBLISHED", "assignerShortName": "Go", "dateReserved": "2026-04-07T18:13:03.526Z", "datePublished": "2026-05-22T15:01:21.462Z", "dateUpdated": "2026-07-10T12:05:36.478Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go", "dateUpdated": "2026-05-22T15:01:21.462Z" }, "title": "Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna", "descriptions": [ { "lang": "en", "value": "The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \"example.com\"." } ], "affected": [ { "vendor": "golang.org/x/net", "product": "golang.org/x/net/idna", "collectionURL": "https://pkg.go.dev", "packageName": "golang.org/x/net/idna", "versions": [ { "version": "0", "lessThan": "0.55.0", "status": "affected", "versionType": "semver" } ], "programRoutines": [ { "name": "Profile.process" }, { "name": "Profile.ToASCII" }, { "name": "Profile.ToUnicode" }, { "name": "ToASCII" }, { "name": "ToUnicode" } ], "defaultStatus": "unaffected" } ], "problemTypes": [ { "descriptions": [ { "lang": "en", "description": "CWE-1289: Improper Validation of Unsafe Equivalence in Input" } ] } ], "references": [ { "url": "https://go.dev/cl/767220" }, { "url": "https://go.dev/issue/78760" }, { "url": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8" }, { "url": "https://pkg.go.dev/vuln/GO-2026-5026" } ], "credits": [ { "lang": "en", "value": "KC1zs4 (https://github.com/KC1zs4)" } ] }, "adp": [ { "problemTypes": [ { "descriptions": [ { "type": "CWE", "cweId": "CWE-1289", "lang": "en", "description": "CWE-1289 Improper Validation of Unsafe Equivalence in Input" } ] } ], "metrics": [ { "cvssV3_1": { "scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH" } }, { "other": { "type": "ssvc", "content": { "timestamp": "2026-05-23T03:55:58.522682Z", "id": "CVE-2026-39821", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-27T13:13:15.606Z" } }, { "affected": [ { "cpes": [ "cpe:/a:redhat:openshift:4.22::el8", "cpe:/a:redhat:openshift:4.22::el9" ], "defaultStatus": "affected", "product": "Red Hat OpenShift Container Platform 4.22", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:edge_manager:1.0::el9" ], "defaultStatus": "affected", "product": "RHEM 1.0 for RHEL 9", "vendor": "Red Hat" }, { "cpes": [ "cpe:/o:redhat:enterprise_linux:10.2" ], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux AppStream (v. 10)", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux AppStream (v. 8)", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux AppStream (v. 9)", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:cluster_observability_operator:1.5::el9" ], "defaultStatus": "affected", "product": "Cluster Observability Operator 1.5.0", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:devworkspace:0.42::el9" ], "defaultStatus": "affected", "product": "DevWorkspace Operator 0.42", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:logging:6.4::el9" ], "defaultStatus": "affected", "product": "Logging Subsystem for Red Hat OpenShift 6.4", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:acm:2.13::el9" ], "defaultStatus": "affected", "product": "Red Hat Advanced Cluster Management for Kubernetes 2.13", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:advanced_cluster_security:4.10::el8" ], "defaultStatus": "affected", "product": "Red Hat Advanced Cluster Security for Kubernetes 4.10", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:advanced_cluster_security:4.11::el9" ], "defaultStatus": "affected", "product": "Red Hat Advanced Cluster Security for Kubernetes 4.11", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:advanced_cluster_security:4.9::el8" ], "defaultStatus": "affected", "product": "Red Hat Advanced Cluster Security for Kubernetes 4.9", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:edge_manager:1.0::el9" ], "defaultStatus": "affected", "product": "Red Hat Edge Manager 1.0", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:enterprise_linux_ai:3.4::el9" ], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux AI 3.4", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:hummingbird:1" ], "defaultStatus": "affected", "product": "Red Hat Hardened Images", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_builds:1.7::el9" ], "defaultStatus": "affected", "product": "Red Hat OpenShift Builds 1.7.4", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_devspaces:3.29::el9" ], "defaultStatus": "affected", "product": "Red Hat OpenShift Dev Spaces 3.29", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_gitops:1.19::el8" ], "defaultStatus": "affected", "product": "Red Hat OpenShift GitOps 1.19", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_gitops:1.20::el9" ], "defaultStatus": "affected", "product": "Red Hat OpenShift GitOps 1.20", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:service_mesh:2.6::el8" ], "defaultStatus": "affected", "product": "Red Hat OpenShift Service Mesh 2.6", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:service_mesh:3.1::el9" ], "defaultStatus": "affected", "product": "Red Hat OpenShift Service Mesh 3.1", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:service_mesh:3.2::el9" ], "defaultStatus": "affected", "product": "Red Hat OpenShift Service Mesh 3.2", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:service_mesh:3.3::el9" ], "defaultStatus": "affected", "product": "Red Hat OpenShift Service Mesh 3.3", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:service_mesh:3.0::el9" ], "defaultStatus": "affected", "product": "Red Hat OpenShift Service Mesh 3", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.22::el9" ], "defaultStatus": "affected", "product": "Red Hat Openshift Data Foundation 4.22", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:trusted_artifact_signer:1.4::el9" ], "defaultStatus": "affected", "product": "Red Hat Trusted Artifact Signer 1.4", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:multicluster_engine:2.6::el8" ], "defaultStatus": "affected", "product": "multicluster engine for Kubernetes 2.6", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:multicluster_engine:2.8::el9" ], "defaultStatus": "affected", "product": "multicluster engine for Kubernetes 2.8", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:multicluster_engine:2.9::el9" ], "defaultStatus": "affected", "product": "multicluster engine for Kubernetes 2.9", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:assisted_installer:2" ], "defaultStatus": "affected", "product": "Assisted Installer for Red Hat OpenShift Container Platform 2", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:cert_manager:1" ], "defaultStatus": "affected", "product": "cert-manager Operator for Red Hat OpenShift", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_compliance_operator:1" ], "defaultStatus": "affected", "product": "Compliance Operator", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:confidential_compute_attestation:1" ], "defaultStatus": "affected", "product": "Confidential Compute Attestation", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:deployment_validator_operator" ], "defaultStatus": "affected", "product": "Deployment Validation Operator", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:external_secrets_operator:1" ], "defaultStatus": "affected", "product": "External Secrets Operator for Red Hat OpenShift", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:workload_availability_far:0" ], "defaultStatus": "affected", "product": "Fence Agents Remediation Operator", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_file_integrity_operator:1" ], "defaultStatus": "affected", "product": "File Integrity Operator", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:gatekeeper:3" ], "defaultStatus": "affected", "product": "Gatekeeper 3", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:lvms:4" ], "defaultStatus": "affected", "product": "Logical Volume Manager Storage", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:workload_availability_mdr:0" ], "defaultStatus": "affected", "product": "Machine Deletion Remediation Operator", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:migration_toolkit_applications:8" ], "defaultStatus": "affected", "product": "Migration Toolkit for Applications 8", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:rhmt:1" ], "defaultStatus": "affected", "product": "Migration Toolkit for Containers", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:multiarch_tuning_operator" ], "defaultStatus": "affected", "product": "Multiarch Tuning Operator", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:multicluster_engine" ], "defaultStatus": "affected", "product": "Multicluster Engine for Kubernetes", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:multicluster_globalhub" ], "defaultStatus": "affected", "product": "Multicluster Global Hub", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:network_observ_optr:1" ], "defaultStatus": "affected", "product": "Network Observability Operator", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:workload_availability_nhc:0" ], "defaultStatus": "affected", "product": "Node HealthCheck Operator", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_api_data_protection:1" ], "defaultStatus": "affected", "product": "OpenShift API for Data Protection", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:ocp_tools" ], "defaultStatus": "affected", "product": "OpenShift Developer Tools and Services", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_lightspeed" ], "defaultStatus": "affected", "product": "OpenShift Lightspeed", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_pipelines:1" ], "defaultStatus": "affected", "product": "OpenShift Pipelines", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:serverless:1" ], "defaultStatus": "affected", "product": "OpenShift Serverless", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_power_monitoring" ], "defaultStatus": "affected", "product": "Power monitoring for Red Hat OpenShift", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:red_hat_3scale_amp:2" ], "defaultStatus": "affected", "product": "Red Hat 3scale API Management Platform 2", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:acm:2" ], "defaultStatus": "affected", "product": "Red Hat Advanced Cluster Management for Kubernetes 2", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:ansible_automation_platform:2" ], "defaultStatus": "affected", "product": "Red Hat Ansible Automation Platform 2", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:ceph_storage:5" ], "defaultStatus": "affected", "product": "Red Hat Ceph Storage 5", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:ceph_storage:6" ], "defaultStatus": "affected", "product": "Red Hat Ceph Storage 6", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:ceph_storage:8" ], "defaultStatus": "affected", "product": "Red Hat Ceph Storage 8", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:ceph_storage:9" ], "defaultStatus": "affected", "product": "Red Hat Ceph Storage 9", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:certifications:9" ], "defaultStatus": "affected", "product": "Red Hat Certification Program for Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:connectivity_link:1" ], "defaultStatus": "affected", "product": "Red Hat Connectivity Link 1", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:rhdh:1" ], "defaultStatus": "affected", "product": "Red Hat Developer Hub", "vendor": "Red Hat" }, { "cpes": [ "cpe:/o:redhat:enterprise_linux:10" ], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat" }, { "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:enterprise_linux_ai:3" ], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux AI (RHEL AI) 3", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:lightspeed_for_runtimes:1" ], "defaultStatus": "affected", "product": "Red Hat Lightspeed for Runtimes Operator", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_ai" ], "defaultStatus": "affected", "product": "Red Hat OpenShift AI (RHOAI)", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_cluster_manager_cli:1" ], "defaultStatus": "affected", "product": "Red Hat OpenShift Cluster Manager CLI", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:windows_machine_config" ], "defaultStatus": "affected", "product": "Red Hat OpenShift for Windows Containers", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_service_on_aws:1" ], "defaultStatus": "affected", "product": "Red Hat OpenShift on AWS", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:container_native_virtualization:4" ], "defaultStatus": "affected", "product": "Red Hat OpenShift Virtualization 4", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openstack:16.2" ], "defaultStatus": "affected", "product": "Red Hat OpenStack Platform 16.2", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openstack:17.1" ], "defaultStatus": "affected", "product": "Red Hat OpenStack Platform 17.1", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:quay:3" ], "defaultStatus": "affected", "product": "Red Hat Quay 3", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:satellite:6" ], "defaultStatus": "affected", "product": "Red Hat Satellite 6", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:webterminal:1" ], "defaultStatus": "affected", "product": "Red Hat Web Terminal", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_security_profiles_operator:1" ], "defaultStatus": "affected", "product": "Security Profiles Operator", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:amq_streams:3" ], "defaultStatus": "affected", "product": "streams for Apache Kafka 3", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:zero_trust_workload_identity_manager:1" ], "defaultStatus": "affected", "product": "Zero Trust Workload Identity Manager", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:zero_trust_workload_identity_manager:0" ], "defaultStatus": "affected", "product": "Zero Trust Workload Identity Manager - Tech Preview", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:cryostat:4" ], "defaultStatus": "unaffected", "product": "Cryostat 4", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openstack:18.0" ], "defaultStatus": "unaffected", "product": "Red Hat OpenStack Platform 18.0", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:service_interconnect:1" ], "defaultStatus": "unaffected", "product": "Red Hat Service Interconnect 1", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:service_interconnect:2" ], "defaultStatus": "unaffected", "product": "Red Hat Service Interconnect 2", "vendor": "Red Hat" } ], "datePublic": "2026-05-22T15:01:21.462Z", "descriptions": [ { "lang": "en", "value": "A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1289", "description": "Improper Validation of Unsafe Equivalence in Input", "lang": "en", "type": "CWE" } ] } ], "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2026-39821" }, { "name": "RHBZ#2480756", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480756" }, { "tags": [ "x_sadp-csaf-vex" ], "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39821.json" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:34789" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:36796" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:30855" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:35827" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:35826" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:34357" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:30853" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:35830" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:35831" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:30854" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:35828" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:35829" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:34359" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:34342" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:36808" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:34364" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:30651" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:26547" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:36207" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:26546" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:36651" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:33531" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:33524" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:23262" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:23264" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:36648" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:36820" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:35994" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:35993" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:33155" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:33163" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:33173" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:33183" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:33160" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:37387" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:36797" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:36105" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:36167" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:30650" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:36883" } ], "solutions": [ { "lang": "en", "value": "RHSA-2026:34789: Red Hat OpenShift Container Platform 4.22" }, { "lang": "en", "value": "RHSA-2026:36796: RHEM 1.0 for RHEL 9" }, { "lang": "en", "value": "RHSA-2026:30855: Red Hat Enterprise Linux AppStream (v. 10)" }, { "lang": "en", "value": "RHSA-2026:35827: Red Hat Enterprise Linux AppStream (v. 10)" }, { "lang": "en", "value": "RHSA-2026:35826: Red Hat Enterprise Linux AppStream (v. 10)" }, { "lang": "en", "value": "RHSA-2026:34357: Red Hat Enterprise Linux AppStream (v. 10)" }, { "lang": "en", "value": "RHSA-2026:30853: Red Hat Enterprise Linux AppStream (v. 8)" }, { "lang": "en", "value": "RHSA-2026:35830: Red Hat Enterprise Linux AppStream (v. 8)" }, { "lang": "en", "value": "RHSA-2026:35831: Red Hat Enterprise Linux AppStream (v. 8)" }, { "lang": "en", "value": "RHSA-2026:30854: Red Hat Enterprise Linux AppStream (v. 9)" }, { "lang": "en", "value": "RHSA-2026:35828: Red Hat Enterprise Linux AppStream (v. 9)" }, { "lang": "en", "value": "RHSA-2026:35829: Red Hat Enterprise Linux AppStream (v. 9)" }, { "lang": "en", "value": "RHSA-2026:34359: Red Hat Enterprise Linux AppStream (v. 9)" }, { "lang": "en", "value": "RHSA-2026:34342: Cluster Observability Operator 1.5.0" }, { "lang": "en", "value": "RHSA-2026:36808: DevWorkspace Operator 0.42" }, { "lang": "en", "value": "RHSA-2026:34364: Logging Subsystem for Red Hat OpenShift 6.4" }, { "lang": "en", "value": "RHSA-2026:30651: Red Hat Advanced Cluster Management for Kubernetes 2.13" }, { "lang": "en", "value": "RHSA-2026:26547: Red Hat Advanced Cluster Security for Kubernetes 4.10" }, { "lang": "en", "value": "RHSA-2026:36207: Red Hat Advanced Cluster Security for Kubernetes 4.11" }, { "lang": "en", "value": "RHSA-2026:26546: Red Hat Advanced Cluster Security for Kubernetes 4.9" }, { "lang": "en", "value": "RHSA-2026:36651: Red Hat Edge Manager 1.0" }, { "lang": "en", "value": "RHSA-2026:33531: Red Hat Enterprise Linux AI 3.4" }, { "lang": "en", "value": "RHSA-2026:33524: Red Hat Enterprise Linux AI 3.4" }, { "lang": "en", "value": "RHSA-2026:23262: Red Hat Hardened Images" }, { "lang": "en", "value": "RHSA-2026:23264: Red Hat Hardened Images" }, { "lang": "en", "value": "RHSA-2026:36648: Red Hat OpenShift Builds 1.7.4" }, { "lang": "en", "value": "RHSA-2026:36820: Red Hat OpenShift Dev Spaces 3.29" }, { "lang": "en", "value": "RHSA-2026:35994: Red Hat OpenShift GitOps 1.19" }, { "lang": "en", "value": "RHSA-2026:35993: Red Hat OpenShift GitOps 1.20" }, { "lang": "en", "value": "RHSA-2026:33155: Red Hat OpenShift Service Mesh 2.6" }, { "lang": "en", "value": "RHSA-2026:33163: Red Hat OpenShift Service Mesh 3.1" }, { "lang": "en", "value": "RHSA-2026:33173: Red Hat OpenShift Service Mesh 3.2" }, { "lang": "en", "value": "RHSA-2026:33183: Red Hat OpenShift Service Mesh 3.3" }, { "lang": "en", "value": "RHSA-2026:33160: Red Hat OpenShift Service Mesh 3" }, { "lang": "en", "value": "RHSA-2026:37387: Red Hat Openshift Data Foundation 4.22" }, { "lang": "en", "value": "RHSA-2026:36797: Red Hat Trusted Artifact Signer 1.4" }, { "lang": "en", "value": "RHSA-2026:36105: multicluster engine for Kubernetes 2.6" }, { "lang": "en", "value": "RHSA-2026:36167: multicluster engine for Kubernetes 2.6" }, { "lang": "en", "value": "RHSA-2026:30650: multicluster engine for Kubernetes 2.8" }, { "lang": "en", "value": "RHSA-2026:36883: multicluster engine for Kubernetes 2.9" } ], "timeline": [ { "lang": "en", "time": "2026-05-22T16:00:52.844Z", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2026-05-22T15:01:21.462Z", "value": "Made public." } ], "title": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing", "workarounds": [ { "lang": "en", "value": "Upgrade to a fixed golang.org/x/net release that includes the idna correction, via updated golang or dependent package rebuilds." } ], "x_adpType": "supplier", "x_generator": { "engine": "sadp-cli 1.0.0" }, "providerMetadata": { "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c", "shortName": "redhat-SADP", "dateUpdated": "2026-07-10T12:05:36.478Z" } } ] } }