Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
Running server may crash with HTTP/2 frames from malicious clients
CLEANSTART-2026-SM37781
Summary
The cert-manager-fips package is affected. If a malicious client sends specific HTTP/2 frames, a running server may crash. Update the cert-manager-fips package to fix this issue.
What to do
- Update cert-manager-fips to version 1.19.2-r0.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | cert-manager-fips | <= 1.19.2-r0 | 1.19.2-r0 |
Original title
Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic
Original description
Multiple security vulnerabilities affect the cert-manager-fips package. Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic See references for individual vulnerability details.
osv CVSS3.1
9.8
- https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advis... Vendor Advisory
- https://osv.dev/vulnerability/CVE-2025-47910 URL
- https://osv.dev/vulnerability/CVE-2025-47913 URL
- https://osv.dev/vulnerability/CVE-2025-47914 URL
- https://osv.dev/vulnerability/CVE-2025-58181 URL
- https://osv.dev/vulnerability/CVE-2025-58183 URL
- https://osv.dev/vulnerability/CVE-2025-58185 URL
- https://osv.dev/vulnerability/CVE-2025-58187 URL
- https://osv.dev/vulnerability/CVE-2025-58188 URL
- https://osv.dev/vulnerability/CVE-2025-58189 URL
- https://osv.dev/vulnerability/CVE-2025-61723 URL
- https://osv.dev/vulnerability/CVE-2025-61724 URL
- https://osv.dev/vulnerability/CVE-2025-61725 URL
- https://osv.dev/vulnerability/CVE-2025-61727 URL
- https://osv.dev/vulnerability/CVE-2025-61729 URL
- https://osv.dev/vulnerability/CVE-2026-27141 URL
- https://nvd.nist.gov/vuln/detail/CVE-2025-47910 URL
- https://nvd.nist.gov/vuln/detail/CVE-2025-47913 URL
- https://nvd.nist.gov/vuln/detail/CVE-2025-47914 URL
- https://nvd.nist.gov/vuln/detail/CVE-2025-58181 URL
- https://nvd.nist.gov/vuln/detail/CVE-2025-58183 URL
- https://nvd.nist.gov/vuln/detail/CVE-2025-58185 URL
- https://nvd.nist.gov/vuln/detail/CVE-2025-58187 URL
- https://nvd.nist.gov/vuln/detail/CVE-2025-58188 URL
- https://nvd.nist.gov/vuln/detail/CVE-2025-58189 URL
- https://nvd.nist.gov/vuln/detail/CVE-2025-61723 URL
- https://nvd.nist.gov/vuln/detail/CVE-2025-61724 URL
- https://nvd.nist.gov/vuln/detail/CVE-2025-61725 URL
- https://nvd.nist.gov/vuln/detail/CVE-2025-61727 URL
- https://nvd.nist.gov/vuln/detail/CVE-2025-61729 URL
- https://nvd.nist.gov/vuln/detail/CVE-2026-27141 URL
Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026