Details:
Kiali 2.4.16, for Red Hat OpenShift Service Mesh 3.0, provides observability for the service mesh by offering a visual representation of the mesh topology and its metrics, helping users monitor, trace, and manage the mesh efficiently.
Security Fix(es):
- CVE-2026-32280 Go: Denial of Service vulnerability in certificate chain building (OSSM-13246)
- CVE-2026-40895 follow-redirects: Information disclosure via cross-domain redirects (OSSM-13554, OSSM-13558)
- CVE-2026-42033 Axios: HTTP Transport Hijacking via Prototype Pollution (OSSM-13691, OSSM-13695)
- CVE-2026-42035 Axios: Arbitrary HTTP header injection via prototype pollution (OSSM-13597, OSSM-13598)
- CVE-2026-42043 Axios: NO_PROXY bypass via crafted URL (OSSM-13713, OSSM-13717)
- CVE-2026-42039 Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data (OSSM-13727, OSSM-13731)
- CVE-2026-42041 Axios: Authentication bypass due to prototype pollution of HTTP error handling (OSSM-13741, OSSM-13745)
- CVE-2026-42044 Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget (OSSM-13777, OSSM-13778)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.