CVE Vulnerabilities

CVE-2026-42508

Improper Certificate Validation

Published: May 22, 2026 | Modified: Jul 10, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
7.4 IMPORTANT
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

Previously, a revoked SignatureKey belonging to a CA was not correctly checked for revocation. Now, both the key and key.SignatureKey are checked for @revoked.

Weakness

The product does not validate, or incorrectly validates, a certificate.

Affected Software

NameVendorStart VersionEnd Version
CryptoGolang*0.52.0 (excluding)
Red Hat Enterprise Linux 10RedHatpodman-7:5.8.2-4.el10_2*
Red Hat Enterprise Linux 8RedHatcontainer-tools:rhel8-8100020260701102925.afee755d*
Red Hat Enterprise Linux 9RedHatpodman-6:5.8.2-4.el9_8*
RHEM 1.0 for RHEL 9RedHatflightctl-0:1.0.3-1.el9em*
DevWorkspace Operator 0.42RedHatdevworkspace/devworkspace-rhel9-operator:1782401674*
Red Hat Advanced Cluster Security for Kubernetes 4.10RedHatadvanced-cluster-security/rhacs-main-rhel8:1781686458*
Red Hat Advanced Cluster Security for Kubernetes 4.9RedHatadvanced-cluster-security/rhacs-main-rhel8:1781686446*
Red Hat Edge Manager 1.0RedHatrhem/flightctl-api-rhel9:1783502025*
Red Hat Hardened ImagesRedHatgolang1-25-main-1.25.11-2.hum1*
Red Hat Hardened ImagesRedHatgolang1-26-main-1.26.4-2.hum1*
Red Hat OpenShift Builds 1.7.4RedHatopenshift-builds/openshift-builds-waiters-rhel9:1783057868*
Red Hat Openshift Data Foundation 4.22RedHatodf4/cephcsi-rhel9:1782932114*
Red Hat Openshift Data Foundation 4.22RedHatodf4/cephcsi-rhel9-operator:1782931768*
Red Hat Openshift Data Foundation 4.22RedHatodf4/devicefinder-rhel9:1782932104*
Red Hat Openshift Data Foundation 4.22RedHatodf4/mcg-core-rhel9:1783536000*
Red Hat Openshift Data Foundation 4.22RedHatodf4/mcg-rhel9-operator:1783535989*
Red Hat Openshift Data Foundation 4.22RedHatodf4/ocs-client-console-rhel9:1783536515*
Red Hat Openshift Data Foundation 4.22RedHatodf4/ocs-client-rhel9-operator:1782932521*
Red Hat Openshift Data Foundation 4.22RedHatodf4/ocs-metrics-exporter-rhel9:1783018461*
Red Hat Openshift Data Foundation 4.22RedHatodf4/ocs-rhel9-operator:1783018421*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-blackbox-exporter-rhel9:1782932812*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-cli-rhel9:1783537001*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-cloudnative-pg-rhel9-operator:1782932919*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-console-rhel9:1783537586*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-cosi-sidecar-rhel9:1782932969*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-csi-addons-rhel9-operator:1782933015*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-csi-addons-sidecar-rhel9:1782933042*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-drbd-rhel9:1783537392*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-external-snapshotter-rhel9-operator:1782933235*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-external-snapshotter-sidecar-rhel9:1782933251*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-multicluster-console-rhel9:1783537955*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-multicluster-rhel9-operator:1782933417*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-must-gather-rhel9:1783537742*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-rhel9-operator:1782933602*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odr-rhel9-operator:1783019377*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odr-volsync-plugin-mover-rhel9:1782934054*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odr-volsync-plugin-rhel9-operator:1782934036*
Red Hat Openshift Data Foundation 4.22RedHatodf4/rook-ceph-rhel9-operator:1782934284*
Red Hat Trusted Artifact Signer 1.4RedHatconforma-cli-stack-v1-4-1.4.2*
Red Hat Trusted Artifact Signer 1.4RedHatconforma-cli-stack-v1-4-1.4.2*
Golang-go.cryptoUbuntuesm-apps/bionic*
Golang-go.cryptoUbuntuesm-apps/focal*
Golang-go.cryptoUbuntuesm-apps/jammy*
Golang-go.cryptoUbuntuesm-apps/noble*
Golang-go.cryptoUbuntuesm-apps/resolute*
Golang-go.cryptoUbuntujammy*
Golang-go.cryptoUbuntunoble*
Golang-go.cryptoUbuntuquesting*
Golang-go.cryptoUbunturesolute*
Golang-go.cryptoUbuntuupstream*
LxdUbuntuesm-infra-legacy/xenial*
LxdUbuntuesm-infra/bionic*
SnapdUbuntuquesting*

Potential Mitigations

References