{ "threat_severity" : "Moderate", "public_date" : "2026-02-20T03:05:21Z", "bugzilla" : { "description" : "minimatch: minimatch: Denial of Service via specially crafted glob patterns", "id" : "2441268", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2441268" }, "cvss3" : { "cvss3_base_score" : "6.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-1333", "details" : [ "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn't appear in the test string. Each * compiles to a separate [^/]*? regex group, and when the match fails, V8's regex engine backtracks exponentially across all possible splits. The time complexity is O(4^N) where N is the number of * characters. With N=15, a single minimatch() call takes ~2 seconds. With N=34, it hangs effectively forever. Any application that passes user-controlled strings to minimatch() as the pattern argument is vulnerable to DoS. This issue has been fixed in version 10.2.1.", "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive." ], "statement" : "Exploitation of this flaw requires that a user or service processes untrusted input.", "affected_release" : [ { "product_name" : "Red Hat Ansible Automation Platform 2.6 for RHEL 9", "release_date" : "2026-05-04T00:00:00Z", "advisory" : "RHSA-2026:13508", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.6::el9", "package" : "automation-platform-ui-0:2.6.8-1.el9ap" }, { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2026-04-08T00:00:00Z", "advisory" : "RHSA-2026:7080", "cpe" : "cpe:/o:redhat:enterprise_linux:10.1", "package" : "nodejs22-1:22.22.2-1.el10_1" }, { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2026-04-13T00:00:00Z", "advisory" : "RHSA-2026:7675", "cpe" : "cpe:/o:redhat:enterprise_linux:10.1", "package" : "nodejs24-1:24.14.1-2.el10_1" }, { "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support", "release_date" : "2026-04-09T00:00:00Z", "advisory" : "RHSA-2026:7310", "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0", "package" : "nodejs22-1:22.22.2-2.el10_0" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2026-04-08T00:00:00Z", "advisory" : "RHSA-2026:7123", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "nodejs:22-8100020260331102257.6d880403" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2026-04-13T00:00:00Z", "advisory" : "RHSA-2026:7670", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "nodejs:24-8100020260408131901.6d880403" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2026-04-15T00:00:00Z", "advisory" : "RHSA-2026:8339", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "nodejs:20-8100020260414073138.489197e6" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-04-09T00:00:00Z", "advisory" : "RHSA-2026:7302", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "nodejs:22-9070020260401095228.rhel9" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-04-09T00:00:00Z", "advisory" : "RHSA-2026:7350", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "nodejs:24-9070020260402152654.rhel9" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-04-13T00:00:00Z", "advisory" : "RHSA-2026:7896", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "nodejs:20-9070020260409073121.rhel9" }, { "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date" : "2026-04-22T00:00:00Z", "advisory" : "RHSA-2026:9711", "cpe" : "cpe:/a:redhat:rhel_eus:9.4", "package" : "nodejs:20-9040020260421133644.rhel9" }, { "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support", "release_date" : "2026-04-14T00:00:00Z", "advisory" : "RHSA-2026:7983", "cpe" : "cpe:/a:redhat:rhel_eus:9.6", "package" : "nodejs:22-9060020260409121057.rhel9" }, { "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support", "release_date" : "2026-04-22T00:00:00Z", "advisory" : "RHSA-2026:9874", "cpe" : "cpe:/a:redhat:rhel_eus:9.6", "package" : "nodejs:20-9060020260422064119.rhel9" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.1", "release_date" : "2026-05-18T00:00:00Z", "advisory" : "RHSA-2026:18059", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9", "package" : "io.hawt-project" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.1", "release_date" : "2026-05-18T00:00:00Z", "advisory" : "RHSA-2026:18059", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9", "package" : "org.jboss.hal-hal-parent" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.1", "release_date" : "2026-05-18T00:00:00Z", "advisory" : "RHSA-2026:18059", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9", "package" : "org.keycloak-keycloak-parent" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8", "release_date" : "2026-05-18T00:00:00Z", "advisory" : "RHSA-2026:18054", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8", "package" : "eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap" }, { "product_name" : "Red Hat Developer Hub 1.8", "release_date" : "2026-04-22T00:00:00Z", "advisory" : "RHSA-2026:9742", "cpe" : "cpe:/a:redhat:rhdh:1.8::el9", "package" : "rhdh/rhdh-hub-rhel9:1776784286" }, { "product_name" : "Red Hat OpenShift AI 2.25", "release_date" : "2026-04-23T00:00:00Z", "advisory" : "RHSA-2026:10184", "cpe" : "cpe:/a:redhat:openshift_ai:2.25::el9", "package" : "rhoai/odh-pipeline-runtime-datascience-cpu-py312-rhel9:1776257621" }, { "product_name" : "Red Hat OpenShift AI 2.25", "release_date" : "2026-04-23T00:00:00Z", "advisory" : "RHSA-2026:10184", "cpe" : "cpe:/a:redhat:openshift_ai:2.25::el9", "package" : "rhoai/odh-pipeline-runtime-minimal-cpu-py312-rhel9:1776413275" }, { "product_name" : "Red Hat OpenShift AI 2.25", "release_date" : "2026-04-23T00:00:00Z", "advisory" : "RHSA-2026:10184", "cpe" : "cpe:/a:redhat:openshift_ai:2.25::el9", "package" : "rhoai/odh-workbench-codeserver-datascience-cpu-py312-rhel9:1776336652" }, { "product_name" : "Red Hat OpenShift AI 2.25", "release_date" : "2026-04-23T00:00:00Z", "advisory" : "RHSA-2026:10184", "cpe" : "cpe:/a:redhat:openshift_ai:2.25::el9", "package" : "rhoai/odh-workbench-jupyter-datascience-cpu-py312-rhel9:1776319193" }, { "product_name" : "Red Hat OpenShift AI 2.25", "release_date" : "2026-04-23T00:00:00Z", "advisory" : "RHSA-2026:10184", "cpe" : "cpe:/a:redhat:openshift_ai:2.25::el9", "package" : "rhoai/odh-workbench-jupyter-minimal-cpu-py312-rhel9:1776319213" }, { "product_name" : "Red Hat OpenShift AI 2.25", "release_date" : "2026-04-23T00:00:00Z", "advisory" : "RHSA-2026:10184", "cpe" : "cpe:/a:redhat:openshift_ai:2.25::el9", "package" : "rhoai/odh-workbench-jupyter-trustyai-cpu-py312-rhel9:1776319275" }, { "product_name" : "Red Hat OpenShift Dev Spaces 3.27", "release_date" : "2026-03-30T00:00:00Z", "advisory" : "RHSA-2026:6192", "cpe" : "cpe:/a:redhat:openshift_devspaces:3.27::el9", "package" : "devspaces/code-rhel9:1774448966" }, { "product_name" : "Red Hat Quay 3.1", "release_date" : "2026-03-24T00:00:00Z", "advisory" : "RHSA-2026:5665", "cpe" : "cpe:/a:redhat:quay:3.10::el8", "package" : "quay/quay-rhel8:1773971077" }, { "product_name" : "Red Hat Quay 3.12", "release_date" : "2026-03-18T00:00:00Z", "advisory" : "RHSA-2026:4942", "cpe" : "cpe:/a:redhat:quay:3.12::el8", "package" : "quay/quay-rhel8:1773771962" }, { "product_name" : "Red Hat Quay 3.15", "release_date" : "2026-04-03T00:00:00Z", "advisory" : "RHSA-2026:6568", "cpe" : "cpe:/a:redhat:quay:3.15::el8", "package" : "quay/quay-rhel8:1775169219" }, { "product_name" : "Red Hat Quay 3.16", "release_date" : "2026-04-02T00:00:00Z", "advisory" : "RHSA-2026:6497", "cpe" : "cpe:/a:redhat:quay:3.16::el9", "package" : "quay/quay-rhel9:1775069491" }, { "product_name" : "Red Hat Quay 3.16", "release_date" : "2026-04-03T00:00:00Z", "advisory" : "RHSA-2026:6567", "cpe" : "cpe:/a:redhat:quay:3.16::el9", "package" : "quay/quay-rhel9:1775169226" }, { "product_name" : "Red Hat Quay 3.9", "release_date" : "2026-03-19T00:00:00Z", "advisory" : "RHSA-2026:5168", "cpe" : "cpe:/a:redhat:quay:3.9::el8", "package" : "quay/quay-rhel8:1773936323" } ], "package_state" : [ { "product_name" : "Cryostat 4", "fix_state" : "Not affected", "package_name" : "io.cryostat-cryostat", "cpe" : "cpe:/a:redhat:cryostat:4" }, { "product_name" : "Gatekeeper 3", "fix_state" : "Not affected", "package_name" : "gatekeeper/gatekeeper-rhel9", "cpe" : "cpe:/a:redhat:gatekeeper:3" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "openshift-logging/cluster-logging-operator-bundle", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "openshift-logging/cluster-logging-rhel9-operator", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "openshift-logging/elasticsearch6-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "openshift-logging/elasticsearch-operator-bundle", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "openshift-logging/elasticsearch-proxy-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "openshift-logging/elasticsearch-rhel9-operator", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "openshift-logging/eventrouter-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "openshift-logging/fluentd-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Will not fix", "package_name" : "openshift-logging/kibana6-rhel8", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "openshift-logging/log-file-metric-exporter-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "openshift-logging/logging-curator5-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Will not fix", "package_name" : "openshift-logging/logging-view-plugin-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "openshift-logging/vector-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Migration Toolkit for Applications 8", "fix_state" : "Affected", "package_name" : "mta/mta-ui-rhel9", "cpe" : "cpe:/a:redhat:migration_toolkit_applications:8" }, { "product_name" : "Node HealthCheck Operator", "fix_state" : "Affected", "package_name" : "workload-availability/node-remediation-console-rhel8", "cpe" : "cpe:/a:redhat:workload_availability_nhc:0" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Will not fix", "package_name" : "openshift-pipelines/pipelines-hub-api-rhel8", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Will not fix", "package_name" : "openshift-pipelines/pipelines-hub-db-migration-rhel8", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Affected", "package_name" : "openshift-pipelines/pipelines-hub-ui-rhel8", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Not affected", "package_name" : "openshift-service-mesh/kiali-operator-bundle", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Not affected", "package_name" : "openshift-service-mesh/kiali-rhel9-operator", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Will not fix", "package_name" : "3scale-amp20/system", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Will not fix", "package_name" : "3scale-amp21/system", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Will not fix", "package_name" : "3scale-amp22/system", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Will not fix", "package_name" : "3scale-amp24/system", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Will not fix", "package_name" : "3scale-amp25/system", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Will not fix", "package_name" : "3scale-amp26/system", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Will not fix", "package_name" : "3scale-amp2/system-rhel7", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Will not fix", "package_name" : "3scale-amp2/system-rhel8", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Will not fix", "package_name" : "3scale-amp2/system-rhel9", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/console-rhel9", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/volsync-operator-bundle", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/volsync-rhel9", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat AMQ Broker 7", "fix_state" : "Not affected", "package_name" : "org.jolokia-jolokia-parent", "cpe" : "cpe:/a:redhat:amq_broker:7" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "automation-eda-controller", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Affected", "package_name" : "automation-gateway", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat build of Apache Camel - HawtIO 4", "fix_state" : "Not affected", "package_name" : "io.hawt-project", "cpe" : "cpe:/a:redhat:apache_camel_hawtio:4" }, { "product_name" : "Red Hat build of Apicurio Registry 2", "fix_state" : "Affected", "package_name" : "io.apicurio-apicurio-registry", "cpe" : "cpe:/a:redhat:service_registry:2" }, { "product_name" : "Red Hat build of OptaPlanner 8", "fix_state" : "Not affected", "package_name" : "org.optaweb.vehiclerouting-optaweb-vehicle-routing", "cpe" : "cpe:/a:redhat:optaplanner:::el6" }, { "product_name" : "Red Hat Data Grid 8", "fix_state" : "Not affected", "package_name" : "org.infinispan-infinispan-console", "cpe" : "cpe:/a:redhat:jboss_data_grid:8" }, { "product_name" : "Red Hat Directory Server 11", "fix_state" : "Not affected", "package_name" : "redhat-ds:11/389-ds-base", "cpe" : "cpe:/a:redhat:directory_server:11" }, { "product_name" : "Red Hat Directory Server 12", "fix_state" : "Not affected", "package_name" : "redhat-ds:12/389-ds-base", "cpe" : "cpe:/a:redhat:directory_server:12" }, { "product_name" : "Red Hat Directory Server 13", "fix_state" : "Not affected", "package_name" : "389-ds-base", "cpe" : "cpe:/a:redhat:directory_server:13" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "llvm", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "nodejs-nodemon", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "cockpit", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "cockpit-appstream", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "grafana", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "mozjs60", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "pcs", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Will not fix", "package_name" : "uglify-js", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "gjs", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "grafana", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "llvm", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "pcs", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "polkit", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3", "fix_state" : "Not affected", "package_name" : "rhelai3/bootc-cuda-rhel9", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3", "fix_state" : "Not affected", "package_name" : "rhelai3/disk-image-cuda-rhel9", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3" }, { "product_name" : "Red Hat Fuse 7", "fix_state" : "Will not fix", "package_name" : "io.apicurio-apicurito", "cpe" : "cpe:/a:redhat:jboss_fuse:7" }, { "product_name" : "Red Hat Fuse 7", "fix_state" : "Not affected", "package_name" : "io.hawt-hawtio-integration", "cpe" : "cpe:/a:redhat:jboss_fuse:7" }, { "product_name" : "Red Hat Fuse 7", "fix_state" : "Will not fix", "package_name" : "io.hawt-hawtio-online", "cpe" : "cpe:/a:redhat:jboss_fuse:7" }, { "product_name" : "Red Hat Fuse 7", "fix_state" : "Will not fix", "package_name" : "io.hawt-project", "cpe" : "cpe:/a:redhat:jboss_fuse:7" }, { "product_name" : "Red Hat Fuse 7", "fix_state" : "Will not fix", "package_name" : "io.syndesis-syndesis-parent", "cpe" : "cpe:/a:redhat:jboss_fuse:7" }, { "product_name" : "Red Hat Fuse 7", "fix_state" : "Not affected", "package_name" : "io.syndesis-syndesis-ui", "cpe" : "cpe:/a:redhat:jboss_fuse:7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7", "fix_state" : "Will not fix", "package_name" : "io.hawt-project", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7", "fix_state" : "Will not fix", "package_name" : "org.jboss.hal-hal-parent", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform Expansion Pack", "fix_state" : "Will not fix", "package_name" : "io.hawt-project", "cpe" : "cpe:/a:redhat:jbosseapxp" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform Expansion Pack", "fix_state" : "Will not fix", "package_name" : "org.jboss.hal-hal-parent", "cpe" : "cpe:/a:redhat:jbosseapxp" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform Expansion Pack", "fix_state" : "Will not fix", "package_name" : "org.keycloak-keycloak-parent", "cpe" : "cpe:/a:redhat:jbosseapxp" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-data-science-pipelines-argo-argoexec-rhel8", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "rhoai/odh-kf-notebook-controller-rhel8", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "rhoai/odh-notebook-controller-rhel8", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "rhoai/odh-pipeline-runtime-pytorch-cuda-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "rhoai/odh-pipeline-runtime-pytorch-llmcompressor-cuda-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "rhoai/odh-pipeline-runtime-pytorch-rocm-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "rhoai/odh-pipeline-runtime-tensorflow-cuda-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "rhoai/odh-pipeline-runtime-tensorflow-rocm-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "rhoai/odh-workbench-jupyter-minimal-cuda-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "rhoai/odh-workbench-jupyter-minimal-rocm-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "rhoai/odh-workbench-jupyter-pytorch-cuda-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "rhoai/odh-workbench-jupyter-pytorch-llmcompressor-cuda-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "rhoai/odh-workbench-jupyter-pytorch-rocm-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "rhoai/odh-workbench-jupyter-tensorflow-cuda-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "rhoai/odh-workbench-jupyter-tensorflow-rocm-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-agent-installer-ui-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/ose-console", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/ose-console-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-monitoring-plugin-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-monitoring-plugin-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat Openshift Data Foundation 4", "fix_state" : "Not affected", "package_name" : "odf4/mcg-core-rhel9", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4" }, { "product_name" : "Red Hat Openshift Data Foundation 4", "fix_state" : "Affected", "package_name" : "odf4/ocs-client-console-rhel9", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4" }, { "product_name" : "Red Hat Openshift Data Foundation 4", "fix_state" : "Affected", "package_name" : "odf4/odf-console-rhel9", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4" }, { "product_name" : "Red Hat Openshift Data Foundation 4", "fix_state" : "Not affected", "package_name" : "odf4/odf-multicluster-console-rhel9", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Not affected", "package_name" : "devspaces/code-sshd-rhel9", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Affected", "package_name" : "devspaces/machineexec-rhel9", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Affected", "package_name" : "devspaces/openvsx-rhel9", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Not affected", "package_name" : "devspaces/traefik-rhel9", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift distributed tracing 3", "fix_state" : "Affected", "package_name" : "rhosdt/tempo-jaeger-query-rhel8", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3" }, { "product_name" : "Red Hat Process Automation 7", "fix_state" : "Not affected", "package_name" : "org.kie-process-migration-service", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "product_name" : "Red Hat Process Automation 7", "fix_state" : "Not affected", "package_name" : "org.kie.workbench-kie-wb-common", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "product_name" : "Red Hat Process Automation 7", "fix_state" : "Not affected", "package_name" : "org.uberfire-uberfire-parent", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Affected", "package_name" : "satellite/iop-advisor-frontend-rhel9", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Affected", "package_name" : "satellite/iop-host-inventory-frontend-rhel9", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Affected", "package_name" : "satellite/iop-vulnerability-frontend-rhel9", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Single Sign-On 7", "fix_state" : "Will not fix", "package_name" : "org.keycloak-keycloak-parent", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7" }, { "product_name" : "Self-service automation portal 2", "fix_state" : "Affected", "package_name" : "ansible-automation-platform/automation-portal", "cpe" : "cpe:/a:redhat:ansible_portal:2" }, { "product_name" : "streams for Apache Kafka 2", "fix_state" : "Not affected", "package_name" : "com.github.streamshub-console", "cpe" : "cpe:/a:redhat:amq_streams:2" }, { "product_name" : "streams for Apache Kafka 3", "fix_state" : "Will not fix", "package_name" : "com.github.streamshub-console", "cpe" : "cpe:/a:redhat:amq_streams:3" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-26996\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-26996\nhttps://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5\nhttps://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26" ], "name" : "CVE-2026-26996", "csaw" : false }