Red Hat Multicluster Globalhub
Recent Red Hat Multicluster Globalhub Security Advisories
| Advisory | Title | Published |
|---|---|---|
| RHSA-2025:9388 | (RHSA-2025:9388) Important: Red Hat Multicluster GlobalHub 1.2.3 bug fixes and container updates | June 23, 2025 |
| RHSA-2025:0560 | (RHSA-2025:0560) Important: Red Hat Multicluster GlobalHub 1.2.1 bug fixes and container updates | January 21, 2025 |
| RHSA-2024:0989 | (RHSA-2024:0989) Critical: Red Hat Multicluster GlobalHub 1.0.2 bug fixes and security updates | February 26, 2024 |
By the Year
In 2026 there has been 1 vulnerability in Red Hat Multicluster Globalhub, with an average score of 7.5 out of ten. Last year, in 2025, Multicluster Globalhub had 3 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Multicluster Globalhub in 2026 could surpass last year's number. The average CVE base score of the vulnerabilities in 2026 is also greater, by 0.93.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 1 | 7.50 |
| 2025 | 3 | 6.57 |
It may take a day or so for new Multicluster Globalhub vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Multicluster Globalhub Security Vulnerabilities
Negative DataRow Length in pgproto3 Leading to DoS
CVE-2026-4427
7.5 - High - March 19, 2026
A flaw was found in pgproto3. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message with a negative field length. This input validation vulnerability can lead to a denial of service (DoS) due to a slice bounds out of range panic.
out-of-bounds array index
Nx npm package tampering: FS scan and credential exfil to GitHub
CVE-2025-10894
9.6 - Critical - September 24, 2025
Malicious code was inserted into the Nx (build system) package and several related plugins. The tampered package was published to the npm software registry via a supply-chain attack. Affected versions contain code that scans the file system, collects credentials, and posts them to GitHub as a repo under the user's accounts.
Embedded Malicious Code
Operator SDK <0.15.2 RCE via insecure user_setup /etc/passwd
CVE-2025-7195
6.4 - Medium - August 07, 2025
Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. In affected images, the /etc/passwd file is created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
Incorrect Default Permissions
CIRCL FourQ RCE via Low-Order Point Injection in Diffie-Hellman
CVE-2025-8556
3.7 - Low - August 06, 2025
A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange.
Improper Validation of Specified Type of Input