Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
OpenShift Container Platform: Unpatched Security Flaw Exposes User Data
RHSA-2026:2670
Summary
OpenShift Container Platform users may be at risk of data exposure due to an unaddressed security flaw. If not patched, an attacker could potentially access sensitive user data. Red Hat has released a security update to fix the issue, and administrators should apply it as soon as possible.
What to do
- Update redhat openshift to version 0:4.17.0-202602031716.p2.g4e295fa.assembly.stream.el8.
- Update redhat openshift-hyperkube to version 0:4.17.0-202602031716.p2.g4e295fa.assembly.stream.el8.
- Update redhat openshift-kube-apiserver to version 0:4.17.0-202602031716.p2.g4e295fa.assembly.stream.el8.
- Update redhat openshift-kube-controller-manager to version 0:4.17.0-202602031716.p2.g4e295fa.assembly.stream.el8.
- Update redhat openshift-kube-scheduler to version 0:4.17.0-202602031716.p2.g4e295fa.assembly.stream.el8.
- Update redhat openshift-kubelet to version 0:4.17.0-202602031716.p2.g4e295fa.assembly.stream.el8.
- Update redhat openshift to version 0:4.17.0-202602031716.p2.g4e295fa.assembly.stream.el9.
- Update redhat openshift-hyperkube to version 0:4.17.0-202602031716.p2.g4e295fa.assembly.stream.el9.
- Update redhat openshift-kube-apiserver to version 0:4.17.0-202602031716.p2.g4e295fa.assembly.stream.el9.
- Update redhat openshift-kube-controller-manager to version 0:4.17.0-202602031716.p2.g4e295fa.assembly.stream.el9.
- Update redhat openshift-kube-scheduler to version 0:4.17.0-202602031716.p2.g4e295fa.assembly.stream.el9.
- Update redhat openshift-kubelet to version 0:4.17.0-202602031716.p2.g4e295fa.assembly.stream.el9.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| redhat | openshift | <= 0:4.17.0-202602031716.p2.g4e295fa.assembly.stream.el8 | 0:4.17.0-202602031716.p2.g4e295fa.assembly.stream.el8 |
| redhat | openshift-hyperkube | <= 0:4.17.0-202602031716.p2.g4e295fa.assembly.stream.el8 | 0:4.17.0-202602031716.p2.g4e295fa.assembly.stream.el8 |
| redhat | openshift-kube-apiserver | <= 0:4.17.0-202602031716.p2.g4e295fa.assembly.stream.el8 | 0:4.17.0-202602031716.p2.g4e295fa.assembly.stream.el8 |
| redhat | openshift-kube-controller-manager | <= 0:4.17.0-202602031716.p2.g4e295fa.assembly.stream.el8 | 0:4.17.0-202602031716.p2.g4e295fa.assembly.stream.el8 |
| redhat | openshift-kube-scheduler | <= 0:4.17.0-202602031716.p2.g4e295fa.assembly.stream.el8 | 0:4.17.0-202602031716.p2.g4e295fa.assembly.stream.el8 |
| redhat | openshift-kubelet | <= 0:4.17.0-202602031716.p2.g4e295fa.assembly.stream.el8 | 0:4.17.0-202602031716.p2.g4e295fa.assembly.stream.el8 |
| redhat | openshift | <= 0:4.17.0-202602031716.p2.g4e295fa.assembly.stream.el9 | 0:4.17.0-202602031716.p2.g4e295fa.assembly.stream.el9 |
| redhat | openshift-hyperkube | <= 0:4.17.0-202602031716.p2.g4e295fa.assembly.stream.el9 | 0:4.17.0-202602031716.p2.g4e295fa.assembly.stream.el9 |
| redhat | openshift-kube-apiserver | <= 0:4.17.0-202602031716.p2.g4e295fa.assembly.stream.el9 | 0:4.17.0-202602031716.p2.g4e295fa.assembly.stream.el9 |
| redhat | openshift-kube-controller-manager | <= 0:4.17.0-202602031716.p2.g4e295fa.assembly.stream.el9 | 0:4.17.0-202602031716.p2.g4e295fa.assembly.stream.el9 |
| redhat | openshift-kube-scheduler | <= 0:4.17.0-202602031716.p2.g4e295fa.assembly.stream.el9 | 0:4.17.0-202602031716.p2.g4e295fa.assembly.stream.el9 |
| redhat | openshift-kubelet | <= 0:4.17.0-202602031716.p2.g4e295fa.assembly.stream.el9 | 0:4.17.0-202602031716.p2.g4e295fa.assembly.stream.el9 |
Original title
Red Hat Security Advisory: OpenShift Container Platform 4.17.49 packages and security update
osv CVSS3.1
7.5
- https://access.redhat.com/errata/RHSA-2026:2670 Vendor Advisory
- https://access.redhat.com/security/updates/classification/#moderate Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2418900 Third Party Advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2670.j... Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2025-65637 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2025-65637 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-65637 Vendor Advisory
- https://github.com/mjuanxd/logrus-dos-poc Third Party Advisory
- https://github.com/mjuanxd/logrus-dos-poc/blob/main/README.md Third Party Advisory
- https://github.com/sirupsen/logrus/issues/1370 Third Party Advisory
- https://github.com/sirupsen/logrus/pull/1376 Third Party Advisory
- https://github.com/sirupsen/logrus/releases/tag/v1.8.3 Third Party Advisory
- https://github.com/sirupsen/logrus/releases/tag/v1.9.1 Third Party Advisory
- https://github.com/sirupsen/logrus/releases/tag/v1.9.3 Third Party Advisory
- https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSIRUPSENLOGRUS-5564391 Third Party Advisory
Published: 19 Feb 2026 · Updated: 6 Mar 2026 · First seen: 6 Mar 2026