CVE-2026-6322
Detail
Modified After Enrichment
This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes.
Description
fast-uri normalize() decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A host that combined an allowed domain, an encoded at-sign, and a different domain was re-emitted with the at-sign as a raw userinfo separator, changing the URI's authority to the second domain. Applications that normalize untrusted URLs before host allowlist checks, redirect validation, or outbound request routing can be steered to a different authority than the input appeared to specify. Versions <= 3.1.1 are affected. Update to 3.1.2 or later.
Metrics
CVSS Version 4.0
CVSS Version 3.x
CVSS Version 2.0
NVD enrichment efforts reference publicly available information to associate
vector strings. CVSS information contributed by other sources is also
displayed.
CVSS 4.0 Severity and Vector Strings:
NVD assessment
not yet provided.
CVSS 3.x Severity and Vector Strings:
NVD assessment
not yet provided.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS 2.0 Severity and Vector Strings:
NVD assessment
not yet provided.
References to Advisories, Solutions, and Tools
By selecting these links, you will be leaving NIST webspace.
We have provided these links to other web sites because they
may have information that would be of interest to you. No
inferences should be drawn on account of other sites being
referenced, or not, from this page. There may be other web
sites that are more appropriate for your purpose. NIST does
not necessarily endorse the views expressed, or concur with
the facts presented on these sites. Further, NIST does not
endorse any commercial products that may be mentioned on
these sites. Please address comments about this page to [email protected] .
Weakness Enumeration
CWE-ID
CWE Name
Source
CWE-140
Improper Neutralization of Delimiters
redhat-SADP  
CWE-436
Interpretation Conflict
openjs  
Change History
12 change records found show changes
CVE Modified by redhat-SADP
7/14/2026 8:17:14 AM
Action
Type
Old Value
New Value
Added
Reference
https://access.redhat.com/errata/RHSA-2026:37186
CVE Modified by redhat-SADP
7/10/2026 8:17:25 AM
Action
Type
Old Value
New Value
Added
Reference
https://access.redhat.com/errata/RHSA-2026:37385
Changed
Affected
Record truncated, showing 2048 of 5925 characters.
View Entire Change Record
[{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.6 for RHEL 9","defaultStatus":"affected","cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el9","cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9"]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.16","defaultStatus":"affected","cpes":["cpe:/a:redhat:acm:2.16::el9"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.6","defaultStatus":"affected","cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el9"]},{"vendor":"Red Hat","product":"Red Hat Developer Hub 1.10","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhdh:1.10::el9"]},{"vendor":"Red Hat","product":"Red Hat Developer Hub 1.9","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhdh:1.9::el9"]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","cpes":["cpe:/a:redhat:discovery:2::el9"]},{"vendor":"Red Hat","product":"Red Hat Edge Manager 1.0","defaultStatus":"affected","cpes":["cpe:/a:redhat:edge_manager:1.0::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.19","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.19::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.20","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.20::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.21","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.21::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.22","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.22::el9"]},{"vendor":"Red Hat","product":"Red Hat Quay 3.10","defaultStatus":"affected","cpes":["cpe:/a:redhat:quay:3.10::el8"]},{"vendor":"Red Hat","product":"Red Hat Quay 3.12","defaultStatus":"affected","cpes":["cpe:/a:redhat:quay:3.12::el8"]},{"
Record truncated, showing 2048 of 5951 characters.
View Entire Change Record
[{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.6 for RHEL 9","defaultStatus":"affected","cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el9","cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9"]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Extensions Channel (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.16","defaultStatus":"affected","cpes":["cpe:/a:redhat:acm:2.16::el9"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.6","defaultStatus":"affected","cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el9"]},{"vendor":"Red Hat","product":"Red Hat Developer Hub 1.10","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhdh:1.10::el9"]},{"vendor":"Red Hat","product":"Red Hat Developer Hub 1.9","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhdh:1.9::el9"]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","cpes":["cpe:/a:redhat:discovery:2::el9"]},{"vendor":"Red Hat","product":"Red Hat Edge Manager 1.0","defaultStatus":"affected","cpes":["cpe:/a:redhat:edge_manager:1.0::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.19","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.19::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.20","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.20::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.21","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.21::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.22","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.22::el9"]},{"vendor":"Red Hat","product":"Red Hat Quay 3.10","defaultStatus":"affected","c
CVE Modified by redhat-SADP
7/09/2026 9:17:30 AM
Action
Type
Old Value
New Value
Added
Reference
https://access.redhat.com/errata/RHSA-2026:34766
Added
Reference
https://access.redhat.com/errata/RHSA-2026:36651
Added
Reference
https://access.redhat.com/errata/RHSA-2026:36754
Changed
Affected
Record truncated, showing 2048 of 5519 characters.
View Entire Change Record
[{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.6 for RHEL 9","defaultStatus":"affected","cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el9","cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9"]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.16","defaultStatus":"affected","cpes":["cpe:/a:redhat:acm:2.16::el9"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.6","defaultStatus":"affected","cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el9"]},{"vendor":"Red Hat","product":"Red Hat Developer Hub 1.9","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhdh:1.9::el9"]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","cpes":["cpe:/a:redhat:discovery:2::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.20","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.20::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.21","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.21::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.22","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.22::el9"]},{"vendor":"Red Hat","product":"Red Hat Quay 3.10","defaultStatus":"affected","cpes":["cpe:/a:redhat:quay:3.10::el8"]},{"vendor":"Red Hat","product":"Red Hat Quay 3.12","defaultStatus":"affected","cpes":["cpe:/a:redhat:quay:3.12::el8"]},{"vendor":"Red Hat","product":"Red Hat Quay 3.9","defaultStatus":"affected","cpes":["cpe:/a:redhat:quay:3.9::el8"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6.18","defaultStatus":"affected","cpes":["cpe:/a:redhat:satellite:6.18::el9"]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.11","defaultStatus":"affected","cpes":["cpe:/a:redhat:multicluster_engine:2.11::el9"]},{"vendor"
Record truncated, showing 2048 of 5925 characters.
View Entire Change Record
[{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.6 for RHEL 9","defaultStatus":"affected","cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el9","cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9"]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.16","defaultStatus":"affected","cpes":["cpe:/a:redhat:acm:2.16::el9"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.6","defaultStatus":"affected","cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el9"]},{"vendor":"Red Hat","product":"Red Hat Developer Hub 1.10","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhdh:1.10::el9"]},{"vendor":"Red Hat","product":"Red Hat Developer Hub 1.9","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhdh:1.9::el9"]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","cpes":["cpe:/a:redhat:discovery:2::el9"]},{"vendor":"Red Hat","product":"Red Hat Edge Manager 1.0","defaultStatus":"affected","cpes":["cpe:/a:redhat:edge_manager:1.0::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.19","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.19::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.20","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.20::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.21","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.21::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.22","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.22::el9"]},{"vendor":"Red Hat","product":"Red Hat Quay 3.10","defaultStatus":"affected","cpes":["cpe:/a:redhat:quay:3.10::el8"]},{"vendor":"Red Hat","product":"Red Hat Quay 3.12","defaultStatus":"affected","cpes":["cpe:/a:redhat:quay:3.12::el8"]},{"
CVE Modified by redhat-SADP
7/08/2026 9:16:57 AM
Action
Type
Old Value
New Value
Added
Reference
https://access.redhat.com/errata/RHSA-2026:34770
CVE Modified by redhat-SADP
7/03/2026 9:17:31 AM
Action
Type
Old Value
New Value
Changed
Affected
Record truncated, showing 2048 of 5517 characters.
View Entire Change Record
[{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.6 for RHEL 9","defaultStatus":"affected","cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el9","cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9"]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.16","defaultStatus":"affected","cpes":["cpe:/a:redhat:acm:2.16::el9"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.6","defaultStatus":"affected","cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el9"]},{"vendor":"Red Hat","product":"Red Hat Developer Hub 1.9","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhdh:1.9::el9"]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","cpes":["cpe:/a:redhat:discovery:2::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.20","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.20::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.21","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.21::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.22","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.22::el9"]},{"vendor":"Red Hat","product":"Red Hat Quay 3.10","defaultStatus":"affected","cpes":["cpe:/a:redhat:quay:3.10::el8"]},{"vendor":"Red Hat","product":"Red Hat Quay 3.12","defaultStatus":"affected","cpes":["cpe:/a:redhat:quay:3.12::el8"]},{"vendor":"Red Hat","product":"Red Hat Quay 3.9","defaultStatus":"affected","cpes":["cpe:/a:redhat:quay:3.9::el8"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6.18","defaultStatus":"affected","cpes":["cpe:/a:redhat:satellite:6.18::el9"]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.11","defaultStatus":"affected","cpes":["cpe:/a:redhat:multicluster_engine:2.11::el9"]},{"vendor"
Record truncated, showing 2048 of 5519 characters.
View Entire Change Record
[{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.6 for RHEL 9","defaultStatus":"affected","cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el9","cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9"]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.16","defaultStatus":"affected","cpes":["cpe:/a:redhat:acm:2.16::el9"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.6","defaultStatus":"affected","cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el9"]},{"vendor":"Red Hat","product":"Red Hat Developer Hub 1.9","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhdh:1.9::el9"]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","cpes":["cpe:/a:redhat:discovery:2::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.20","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.20::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.21","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.21::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.22","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.22::el9"]},{"vendor":"Red Hat","product":"Red Hat Quay 3.10","defaultStatus":"affected","cpes":["cpe:/a:redhat:quay:3.10::el8"]},{"vendor":"Red Hat","product":"Red Hat Quay 3.12","defaultStatus":"affected","cpes":["cpe:/a:redhat:quay:3.12::el8"]},{"vendor":"Red Hat","product":"Red Hat Quay 3.9","defaultStatus":"affected","cpes":["cpe:/a:redhat:quay:3.9::el8"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6.18","defaultStatus":"affected","cpes":["cpe:/a:redhat:satellite:6.18::el9"]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.11","defaultStatus":"affected","cpes":["cpe:/a:redhat:multicluster_engine:2.11::el9"]},{"vendor"
CVE Modified by redhat-SADP
7/02/2026 8:17:43 AM
Action
Type
Old Value
New Value
Added
Reference
https://access.redhat.com/errata/RHSA-2026:34160
Added
Reference
https://access.redhat.com/errata/RHSA-2026:34342
Added
Reference
https://access.redhat.com/errata/RHSA-2026:34374
Changed
Affected
Record truncated, showing 2048 of 4957 characters.
View Entire Change Record
[{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.16","defaultStatus":"affected","cpes":["cpe:/a:redhat:acm:2.16::el9"]},{"vendor":"Red Hat","product":"Red Hat Developer Hub 1.9","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhdh:1.9::el9"]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","cpes":["cpe:/a:redhat:discovery:2::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.20","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.20::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.21","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.21::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.22","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.22::el9"]},{"vendor":"Red Hat","product":"Red Hat Quay 3.10","defaultStatus":"affected","cpes":["cpe:/a:redhat:quay:3.10::el8"]},{"vendor":"Red Hat","product":"Red Hat Quay 3.12","defaultStatus":"affected","cpes":["cpe:/a:redhat:quay:3.12::el8"]},{"vendor":"Red Hat","product":"Red Hat Quay 3.9","defaultStatus":"affected","cpes":["cpe:/a:redhat:quay:3.9::el8"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6.18","defaultStatus":"affected","cpes":["cpe:/a:redhat:satellite:6.18::el9"]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.11","defaultStatus":"affected","cpes":["cpe:/a:redhat:multicluster_engine:2.11::el9"]},{"vendor":"Red Hat","product":"Confidential Compute Attestation","defaultStatus":"affected","cpes":["cpe:/a:redhat:confidential_compute_attestation:1"]},{"vendor":"Red Hat","product":"Migration Toolkit for Applications 8","defaultStatus":"affected","cpes":["cpe:/a:redhat:migration_toolkit_applications:8"]},{"vendor":"Red Hat","product":"Migration Toolkit for Containers","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhmt:1"]},{"vendor":"Red Hat","product":"Network Observability Operator","defaultStatus":"affected","cpes":["cpe:/a:redhat:network_observ_optr:1"]
Record truncated, showing 2048 of 5517 characters.
View Entire Change Record
[{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.6 for RHEL 9","defaultStatus":"affected","cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el9","cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9"]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.16","defaultStatus":"affected","cpes":["cpe:/a:redhat:acm:2.16::el9"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.6","defaultStatus":"affected","cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el9"]},{"vendor":"Red Hat","product":"Red Hat Developer Hub 1.9","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhdh:1.9::el9"]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","cpes":["cpe:/a:redhat:discovery:2::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.20","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.20::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.21","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.21::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.22","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.22::el9"]},{"vendor":"Red Hat","product":"Red Hat Quay 3.10","defaultStatus":"affected","cpes":["cpe:/a:redhat:quay:3.10::el8"]},{"vendor":"Red Hat","product":"Red Hat Quay 3.12","defaultStatus":"affected","cpes":["cpe:/a:redhat:quay:3.12::el8"]},{"vendor":"Red Hat","product":"Red Hat Quay 3.9","defaultStatus":"affected","cpes":["cpe:/a:redhat:quay:3.9::el8"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6.18","defaultStatus":"affected","cpes":["cpe:/a:redhat:satellite:6.18::el9"]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.11","defaultStatus":"affected","cpes":["cpe:/a:redhat:multicluster_engine:2.11::el9"]},{"vendor"
CVE Modified by redhat-SADP
7/01/2026 9:17:48 AM
Action
Type
Old Value
New Value
Added
Reference
https://access.redhat.com/errata/RHSA-2026:29795
Added
Reference
https://access.redhat.com/errata/RHSA-2026:29796
Added
Reference
https://access.redhat.com/errata/RHSA-2026:29800
Added
Reference
https://access.redhat.com/errata/RHSA-2026:29834
Added
Reference
https://access.redhat.com/errata/RHSA-2026:33683
Changed
Affected
Record truncated, showing 2048 of 4398 characters.
View Entire Change Record
[{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.16","defaultStatus":"affected","cpes":["cpe:/a:redhat:acm:2.16::el9"]},{"vendor":"Red Hat","product":"Red Hat Developer Hub 1.9","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhdh:1.9::el9"]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","cpes":["cpe:/a:redhat:discovery:2::el9"]},{"vendor":"Red Hat","product":"Red Hat Quay 3.12","defaultStatus":"affected","cpes":["cpe:/a:redhat:quay:3.12::el8"]},{"vendor":"Red Hat","product":"Red Hat Quay 3.9","defaultStatus":"affected","cpes":["cpe:/a:redhat:quay:3.9::el8"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6.18","defaultStatus":"affected","cpes":["cpe:/a:redhat:satellite:6.18::el9"]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.11","defaultStatus":"affected","cpes":["cpe:/a:redhat:multicluster_engine:2.11::el9"]},{"vendor":"Red Hat","product":"Confidential Compute Attestation","defaultStatus":"affected","cpes":["cpe:/a:redhat:confidential_compute_attestation:1"]},{"vendor":"Red Hat","product":"Migration Toolkit for Applications 8","defaultStatus":"affected","cpes":["cpe:/a:redhat:migration_toolkit_applications:8"]},{"vendor":"Red Hat","product":"Migration Toolkit for Containers","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhmt:1"]},{"vendor":"Red Hat","product":"Network Observability Operator","defaultStatus":"affected","cpes":["cpe:/a:redhat:network_observ_optr:1"]},{"vendor":"Red Hat","product":"OpenShift Lightspeed","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_lightspeed"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"
Record truncated, showing 2048 of 4957 characters.
View Entire Change Record
[{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.16","defaultStatus":"affected","cpes":["cpe:/a:redhat:acm:2.16::el9"]},{"vendor":"Red Hat","product":"Red Hat Developer Hub 1.9","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhdh:1.9::el9"]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","cpes":["cpe:/a:redhat:discovery:2::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.20","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.20::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.21","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.21::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.22","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.22::el9"]},{"vendor":"Red Hat","product":"Red Hat Quay 3.10","defaultStatus":"affected","cpes":["cpe:/a:redhat:quay:3.10::el8"]},{"vendor":"Red Hat","product":"Red Hat Quay 3.12","defaultStatus":"affected","cpes":["cpe:/a:redhat:quay:3.12::el8"]},{"vendor":"Red Hat","product":"Red Hat Quay 3.9","defaultStatus":"affected","cpes":["cpe:/a:redhat:quay:3.9::el8"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6.18","defaultStatus":"affected","cpes":["cpe:/a:redhat:satellite:6.18::el9"]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.11","defaultStatus":"affected","cpes":["cpe:/a:redhat:multicluster_engine:2.11::el9"]},{"vendor":"Red Hat","product":"Confidential Compute Attestation","defaultStatus":"affected","cpes":["cpe:/a:redhat:confidential_compute_attestation:1"]},{"vendor":"Red Hat","product":"Migration Toolkit for Applications 8","defaultStatus":"affected","cpes":["cpe:/a:redhat:migration_toolkit_applications:8"]},{"vendor":"Red Hat","product":"Migration Toolkit for Containers","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhmt:1"]},{"vendor":"Red Hat","product":"Network Observability Operator","defaultStatus":"affected","cpes":["cpe:/a:redhat:network_observ_optr:1"]
CVE Modified by redhat-SADP
6/29/2026 11:21:12 PM
Action
Type
Old Value
New Value
Added
CVSS V3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Added
CWE
CWE-140
Added
Reference
https://access.redhat.com/errata/RHSA-2026:25271
Added
Reference
https://access.redhat.com/errata/RHSA-2026:25273
Added
Reference
https://access.redhat.com/errata/RHSA-2026:26225
Added
Reference
https://access.redhat.com/errata/RHSA-2026:26234
Added
Reference
https://access.redhat.com/errata/RHSA-2026:28571
Added
Reference
https://access.redhat.com/errata/RHSA-2026:29197
Added
Reference
https://access.redhat.com/errata/RHSA-2026:30076
Added
Reference
https://access.redhat.com/security/cve/CVE-2026-6322
Added
Reference
https://bugzilla.redhat.com/show_bug.cgi?id=2466684
Added
Reference
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6322.json
Added
Affected
Record truncated, showing 2048 of 4398 characters.
View Entire Change Record
[{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.16","defaultStatus":"affected","cpes":["cpe:/a:redhat:acm:2.16::el9"]},{"vendor":"Red Hat","product":"Red Hat Developer Hub 1.9","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhdh:1.9::el9"]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","cpes":["cpe:/a:redhat:discovery:2::el9"]},{"vendor":"Red Hat","product":"Red Hat Quay 3.12","defaultStatus":"affected","cpes":["cpe:/a:redhat:quay:3.12::el8"]},{"vendor":"Red Hat","product":"Red Hat Quay 3.9","defaultStatus":"affected","cpes":["cpe:/a:redhat:quay:3.9::el8"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6.18","defaultStatus":"affected","cpes":["cpe:/a:redhat:satellite:6.18::el9"]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.11","defaultStatus":"affected","cpes":["cpe:/a:redhat:multicluster_engine:2.11::el9"]},{"vendor":"Red Hat","product":"Confidential Compute Attestation","defaultStatus":"affected","cpes":["cpe:/a:redhat:confidential_compute_attestation:1"]},{"vendor":"Red Hat","product":"Migration Toolkit for Applications 8","defaultStatus":"affected","cpes":["cpe:/a:redhat:migration_toolkit_applications:8"]},{"vendor":"Red Hat","product":"Migration Toolkit for Containers","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhmt:1"]},{"vendor":"Red Hat","product":"Network Observability Operator","defaultStatus":"affected","cpes":["cpe:/a:redhat:network_observ_optr:1"]},{"vendor":"Red Hat","product":"OpenShift Lightspeed","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_lightspeed"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"
CVE Modified by CISA-ADP
6/17/2026 7:00:40 AM
Action
Type
Old Value
New Value
Added
SSVC
{"timestamp":"2026-05-05T12:55:25.956279Z","id":"CVE-2026-6322","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}
CVE Modified by openjs
6/17/2026 7:00:40 AM
Action
Type
Old Value
New Value
Added
Affected
[{"vendor":"fast-uri","product":"fast-uri","defaultStatus":"unaffected","packageURL":"pkg:npm/fast-uri","versions":[{"version":"0","lessThan":"3.1.2","versionType":"semver","status":"affected"},{"version":"3.1.2","versionType":"semver","status":"unaffected"}]}]
Initial Analysis by NIST
5/12/2026 3:11:31 PM
Action
Type
Old Value
New Value
Added
CPE Configuration
OR
*cpe:2.3:a:openjsf:fast-uri:*:*:*:*:*:node.js:*:* versions up to (excluding) 3.1.2
Added
Reference Type
openjs: https://cna.openjsf.org/security-advisories.html Types: Vendor Advisory
Added
Reference Type
openjs: https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc Types: Vendor Advisory
New CVE Received from openjs
5/05/2026 7:16:33 AM
Action
Type
Old Value
New Value
Added
Description
fast-uri normalize() decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A host that combined an allowed domain, an encoded at-sign, and a different domain was re-emitted with the at-sign as a raw userinfo separator, changing the URI's authority to the second domain. Applications that normalize untrusted URLs before host allowlist checks, redirect validation, or outbound request routing can be steered to a different authority than the input appeared to specify. Versions <= 3.1.1 are affected. Update to 3.1.2 or later.
Added
CVSS V3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Added
CWE
CWE-436
Added
Reference
https://cna.openjsf.org/security-advisories.html
Added
Reference
https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc
Quick Info
CVE Dictionary Entry: CVE-2026-6322 NVD
Published Date: 05/05/2026 NVD
Last Modified: 07/14/2026
Source: openjs