Openshift service mesh

This hub aggregates every CVE we track for Openshift service mesh, a product in the cloud saas space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Openshift service mesh.

• CVE-2026-33812Excessive memory allocation when decoding malicious SFNT in golang.org/x/image6.1Apr 21, 2026
• CVE-2026-32281Inefficient policy validation in crypto/x5097.5Apr 8, 2026
• CVE-2026-32280Unexpected work during chain building in crypto/x5097.5Apr 8, 2026
• CVE-2026-32283Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls7.5Apr 8, 2026
• CVE-2026-32288Unbounded allocation for old GNU sparse in archive/tar5.5Apr 8, 2026
• CVE-2026-27143Missing bound checks can lead to memory corruption in safe Go in cmd/compile9.8Apr 8, 2026
• CVE-2026-33810Case-sensitive excludedSubtrees name constraints cause Auth Bypass in crypto/x5098.2Apr 8, 2026
• CVE-2026-32289JsBraceDepth Context Tracking Bugs (XSS) in html/template6.1Apr 8, 2026
• CVE-2026-27144Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile7.1Apr 8, 2026
• CVE-2026-32282TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix6.4Apr 8, 2026
• CVE-2026-33748BuildKit Git URL subdir component can cause access to restricted files7.5Mar 27, 2026
• CVE-2026-33747BuildKit vulnerable to malicious frontend causing file escape outside of storage root8.4Mar 27, 2026
• CVE-2026-33809OOM from malicious IFD offset in golang.org/x/image/tiff5.3Mar 25, 2026
• CVE-2026-25645Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function4.4Mar 25, 2026
• CVE-2026-27142URLs in meta content attribute actions are not escaped in html/template6.1Mar 6, 2026