Details:
An update is now available for Red Hat Lightspeed (formerly Insights) for Runtimes on RHEL 9.
Security fix(es):
- gRPC-Go: Authorization bypass due to improper HTTP/2 path validation (CVE-2026-33186)
- crypto/x509: Denial of Service via inefficient certificate chain validation (CVE-2026-32281)
- internal/syscall/unix: Root.Chmod can follow symlinks out of the root (CVE-2026-32282)
- crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)
- crypto/x509: crypto/tls: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)
- crypto/x509: Certificate validation bypass due to incorrect DNS constraint application (CVE-2026-33810)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.