{ "threat_severity" : "Important", "public_date" : "2026-04-07T15:19:24Z", "bugzilla" : { "description" : "github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability", "id" : "2455975", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2455975" }, "cvss3" : { "cvss3_base_score" : "8.3", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "status" : "verified" }, "cwe" : "CWE-787", "details" : [ "Memory-safety vulnerability in github.com/jackc/pgx/v5.", "A flaw was found in github.com/jackc/pgx. This memory-safety vulnerability could potentially lead to unexpected behavior or system instability." ], "affected_release" : [ { "product_name" : "Cryostat 4 on RHEL 9", "release_date" : "2026-05-26T00:00:00Z", "advisory" : "RHSA-2026:17789", "cpe" : "cpe:/a:redhat:cryostat:4::el9", "package" : "cryostat/cryostat-storage-rhel9:4.2.0-13" }, { "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.1", "release_date" : "2026-05-05T00:00:00Z", "advisory" : "RHSA-2026:13829", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.10::el8", "package" : "advanced-cluster-security/rhacs-main-rhel8:1777976489" }, { "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.1", "release_date" : "2026-05-05T00:00:00Z", "advisory" : "RHSA-2026:13829", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.10::el8", "package" : "advanced-cluster-security/rhacs-roxctl-rhel8:1777976489" }, { "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.1", "release_date" : "2026-05-05T00:00:00Z", "advisory" : "RHSA-2026:13829", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.10::el8", "package" : "advanced-cluster-security/rhacs-scanner-v4-rhel8:1777976489" }, { "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.8", "release_date" : "2026-04-27T00:00:00Z", "advisory" : "RHSA-2026:11070", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.8::el8", "package" : "advanced-cluster-security/rhacs-main-rhel8:1777307791" }, { "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.8", "release_date" : "2026-04-27T00:00:00Z", "advisory" : "RHSA-2026:11070", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.8::el8", "package" : "advanced-cluster-security/rhacs-roxctl-rhel8:1777307791" }, { "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.8", "release_date" : "2026-04-27T00:00:00Z", "advisory" : "RHSA-2026:11070", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.8::el8", "package" : "advanced-cluster-security/rhacs-scanner-v4-rhel8:1777307791" }, { "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.8", "release_date" : "2026-04-27T00:00:00Z", "advisory" : "RHSA-2026:11217", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.8::el8", "package" : "advanced-cluster-security/rhacs-main-rhel8:1777307791" }, { "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.8", "release_date" : "2026-04-27T00:00:00Z", "advisory" : "RHSA-2026:11217", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.8::el8", "package" : "advanced-cluster-security/rhacs-roxctl-rhel8:1777307791" }, { "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.8", "release_date" : "2026-04-27T00:00:00Z", "advisory" : "RHSA-2026:11217", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.8::el8", "package" : "advanced-cluster-security/rhacs-scanner-v4-rhel8:1777307791" }, { "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.9", "release_date" : "2026-05-05T00:00:00Z", "advisory" : "RHSA-2026:13791", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.9::el8", "package" : "advanced-cluster-security/rhacs-main-rhel8:1777986630" }, { "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.9", "release_date" : "2026-05-05T00:00:00Z", "advisory" : "RHSA-2026:13791", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.9::el8", "package" : "advanced-cluster-security/rhacs-roxctl-rhel8:1777986630" }, { "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.9", "release_date" : "2026-05-05T00:00:00Z", "advisory" : "RHSA-2026:13791", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.9::el8", "package" : "advanced-cluster-security/rhacs-scanner-v4-rhel8:1777986630" } ], "package_state" : [ { "product_name" : "Custom Metric Autoscaler operator for Red Hat Openshift", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/custom-metrics-autoscaler-operator", "cpe" : "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2" }, { "product_name" : "Custom Metric Autoscaler operator for Red Hat Openshift", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/keda-adapter", "cpe" : "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2" }, { "product_name" : "Custom Metric Autoscaler operator for Red Hat Openshift", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/keda-operator", "cpe" : "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2" }, { "product_name" : "Custom Metric Autoscaler operator for Red Hat Openshift", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/keda-webhooks", "cpe" : "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2" }, { "product_name" : "Multicluster Engine for Kubernetes", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/azure-service-operator-mce-211", "cpe" : "cpe:/a:redhat:multicluster_engine" }, { "product_name" : "Multicluster Global Hub", "fix_state" : "Affected", "package_name" : "multicluster-globalhub/multicluster-globalhub-agent-rhel8", "cpe" : "cpe:/a:redhat:multicluster_globalhub" }, { "product_name" : "Multicluster Global Hub", "fix_state" : "Not affected", "package_name" : "multicluster-globalhub/multicluster-globalhub-agent-rhel9", "cpe" : "cpe:/a:redhat:multicluster_globalhub" }, { "product_name" : "Multicluster Global Hub", "fix_state" : "Affected", "package_name" : "multicluster-globalhub/multicluster-globalhub-grafana-rhel9", "cpe" : "cpe:/a:redhat:multicluster_globalhub" }, { "product_name" : "Multicluster Global Hub", "fix_state" : "Affected", "package_name" : "multicluster-globalhub/multicluster-globalhub-kessel-inventory-api-rhel9", "cpe" : "cpe:/a:redhat:multicluster_globalhub" }, { "product_name" : "Multicluster Global Hub", "fix_state" : "Affected", "package_name" : "multicluster-globalhub/multicluster-globalhub-manager-rhel8", "cpe" : "cpe:/a:redhat:multicluster_globalhub" }, { "product_name" : "Multicluster Global Hub", "fix_state" : "Affected", "package_name" : "multicluster-globalhub/multicluster-globalhub-manager-rhel9", "cpe" : "cpe:/a:redhat:multicluster_globalhub" }, { "product_name" : "Multicluster Global Hub", "fix_state" : "Not affected", "package_name" : "multicluster-globalhub/multicluster-globalhub-operator-bundle", "cpe" : "cpe:/a:redhat:multicluster_globalhub" }, { "product_name" : "Multicluster Global Hub", "fix_state" : "Affected", "package_name" : "multicluster-globalhub/multicluster-globalhub-rhel8-operator", "cpe" : "cpe:/a:redhat:multicluster_globalhub" }, { "product_name" : "Multicluster Global Hub", "fix_state" : "Affected", "package_name" : "multicluster-globalhub/multicluster-globalhub-rhel9-operator", "cpe" : "cpe:/a:redhat:multicluster_globalhub" }, { "product_name" : "Multicluster Global Hub", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/multicluster-global-hub-agent-globalhub-1-4", "cpe" : "cpe:/a:redhat:multicluster_globalhub" }, { "product_name" : "Multicluster Global Hub", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/multicluster-global-hub-agent-globalhub-1-5", "cpe" : "cpe:/a:redhat:multicluster_globalhub" }, { "product_name" : "Multicluster Global Hub", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/multicluster-global-hub-agent-globalhub-1-6", "cpe" : "cpe:/a:redhat:multicluster_globalhub" }, { "product_name" : "Multicluster Global Hub", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/multicluster-global-hub-agent-globalhub-1-7", "cpe" : "cpe:/a:redhat:multicluster_globalhub" }, { "product_name" : "Multicluster Global Hub", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/multicluster-global-hub-manager-globalhub-1-4", "cpe" : "cpe:/a:redhat:multicluster_globalhub" }, { "product_name" : "Multicluster Global Hub", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/multicluster-global-hub-manager-globalhub-1-5", "cpe" : "cpe:/a:redhat:multicluster_globalhub" }, { "product_name" : "Multicluster Global Hub", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/multicluster-global-hub-manager-globalhub-1-6", "cpe" : "cpe:/a:redhat:multicluster_globalhub" }, { "product_name" : "Multicluster Global Hub", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/multicluster-global-hub-manager-globalhub-1-7", "cpe" : "cpe:/a:redhat:multicluster_globalhub" }, { "product_name" : "Multicluster Global Hub", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/multicluster-global-hub-operator-globalhub-1-4", "cpe" : "cpe:/a:redhat:multicluster_globalhub" }, { "product_name" : "Multicluster Global Hub", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/multicluster-global-hub-operator-globalhub-1-5", "cpe" : "cpe:/a:redhat:multicluster_globalhub" }, { "product_name" : "Multicluster Global Hub", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/multicluster-global-hub-operator-globalhub-1-6", "cpe" : "cpe:/a:redhat:multicluster_globalhub" }, { "product_name" : "Multicluster Global Hub", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/multicluster-global-hub-operator-globalhub-1-7", "cpe" : "cpe:/a:redhat:multicluster_globalhub" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Affected", "package_name" : "openshift-pipelines/pipelines-results-api-rhel9", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Affected", "package_name" : "openshift-pipelines/pipelines-results-retention-policy-agent-rhel9", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Affected", "package_name" : "3scale-amp2/3scale-operator-bundle", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Will not fix", "package_name" : "3scale-amp2/3scale-rhel7-operator", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Affected", "package_name" : "3scale-amp2/3scale-rhel9-operator", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "rhacm2/acm-grafana-rhel9", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Not affected", "package_name" : "rhacs-eng/release-operator", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Affected", "package_name" : "rhacs-eng/release-roxctl", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Affected", "package_name" : "rhacs-eng/release-scanner-v4", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Edge Manager 1", "fix_state" : "Affected", "package_name" : "flightctl", "cpe" : "cpe:/a:redhat:edge_manager:1" }, { "product_name" : "Red Hat Edge Manager 1", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/flightctl-alert-exporter", "cpe" : "cpe:/a:redhat:edge_manager:1" }, { "product_name" : "Red Hat Edge Manager 1", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/flightctl-alertmanager-proxy", "cpe" : "cpe:/a:redhat:edge_manager:1" }, { "product_name" : "Red Hat Edge Manager 1", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/flightctl-api", "cpe" : "cpe:/a:redhat:edge_manager:1" }, { "product_name" : "Red Hat Edge Manager 1", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/flightctl-cli-artifacts", "cpe" : "cpe:/a:redhat:edge_manager:1" }, { "product_name" : "Red Hat Edge Manager 1", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/flightctl-db-setup", "cpe" : "cpe:/a:redhat:edge_manager:1" }, { "product_name" : "Red Hat Edge Manager 1", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/flightctl-pam-issuer", "cpe" : "cpe:/a:redhat:edge_manager:1" }, { "product_name" : "Red Hat Edge Manager 1", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/flightctl-periodic", "cpe" : "cpe:/a:redhat:edge_manager:1" }, { "product_name" : "Red Hat Edge Manager 1", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/flightctl-telemetry-gateway", "cpe" : "cpe:/a:redhat:edge_manager:1" }, { "product_name" : "Red Hat Edge Manager 1", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/flightctl-userinfo-proxy", "cpe" : "cpe:/a:redhat:edge_manager:1" }, { "product_name" : "Red Hat Edge Manager 1", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/flightctl-worker", "cpe" : "cpe:/a:redhat:edge_manager:1" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "go-fdo-server", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Hardened Images", "fix_state" : "Not affected", "package_name" : "caddy", "cpe" : "cpe:/a:redhat:hummingbird:1" }, { "product_name" : "Red Hat Hardened Images", "fix_state" : "Affected", "package_name" : "go-fdo-server", "cpe" : "cpe:/a:redhat:hummingbird:1" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-maas-api-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-ml-pipelines-api-server-v2-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-ml-pipelines-driver-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-ml-pipelines-launcher-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-model-registry-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat Openshift Data Foundation 4", "fix_state" : "Affected", "package_name" : "rhceph-dev/odf4-odf-cloudnative-pg-rhel9-operator", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4" }, { "product_name" : "Red Hat Quay 3", "fix_state" : "Not affected", "package_name" : "redhat-user-workloads/quay-clair-v3-17", "cpe" : "cpe:/a:redhat:quay:3" }, { "product_name" : "Red Hat Trusted Artifact Signer", "fix_state" : "Affected", "package_name" : "securesign/certificate-transparency-go", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1" }, { "product_name" : "Red Hat Trusted Artifact Signer", "fix_state" : "Affected", "package_name" : "securesign/trillian-createtree", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1" }, { "product_name" : "Red Hat Trusted Artifact Signer", "fix_state" : "Affected", "package_name" : "securesign/trillian-database", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1" }, { "product_name" : "Red Hat Trusted Artifact Signer", "fix_state" : "Affected", "package_name" : "securesign/trillian-logserver", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1" }, { "product_name" : "Red Hat Trusted Artifact Signer", "fix_state" : "Affected", "package_name" : "securesign/trillian-logsigner", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1" }, { "product_name" : "Red Hat Trusted Artifact Signer", "fix_state" : "Affected", "package_name" : "securesign/trillian-updatetree", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1" }, { "product_name" : "Zero Trust Workload Identity Manager", "fix_state" : "Not affected", "package_name" : "redhat-user-workloads/spiffe-spire-agent-1-13-3", "cpe" : "cpe:/a:redhat:zero_trust_workload_identity_manager:1" }, { "product_name" : "Zero Trust Workload Identity Manager", "fix_state" : "Not affected", "package_name" : "redhat-user-workloads/spiffe-spire-oidc-discovery-provider-1-13-3", "cpe" : "cpe:/a:redhat:zero_trust_workload_identity_manager:1" }, { "product_name" : "Zero Trust Workload Identity Manager", "fix_state" : "Not affected", "package_name" : "redhat-user-workloads/spiffe-spire-server-1-13-3", "cpe" : "cpe:/a:redhat:zero_trust_workload_identity_manager:1" }, { "product_name" : "Zero Trust Workload Identity Manager - Tech Preview", "fix_state" : "Will not fix", "package_name" : "redhat-user-workloads/spiffe-spire-agent-1-12-4", "cpe" : "cpe:/a:redhat:zero_trust_workload_identity_manager:0" }, { "product_name" : "Zero Trust Workload Identity Manager - Tech Preview", "fix_state" : "Will not fix", "package_name" : "redhat-user-workloads/spiffe-spire-oidc-discovery-provider-1-12-4", "cpe" : "cpe:/a:redhat:zero_trust_workload_identity_manager:0" }, { "product_name" : "Zero Trust Workload Identity Manager - Tech Preview", "fix_state" : "Will not fix", "package_name" : "redhat-user-workloads/spiffe-spire-server-1-12-4", "cpe" : "cpe:/a:redhat:zero_trust_workload_identity_manager:0" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-33815\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-33815\nhttps://pkg.go.dev/vuln/GO-2026-4771" ], "name" : "CVE-2026-33815", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }