CVE Vulnerabilities

CVE-2026-6322

Interpretation Conflict

Published: May 05, 2026 | Modified: Jul 10, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
7.5 IMPORTANT
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

fast-uri normalize() decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A host that combined an allowed domain, an encoded at-sign, and a different domain was re-emitted with the at-sign as a raw userinfo separator, changing the URIs authority to the second domain. Applications that normalize untrusted URLs before host allowlist checks, redirect validation, or outbound request routing can be steered to a different authority than the input appeared to specify. Versions <= 3.1.1 are affected. Update to 3.1.2 or later.

Weakness

Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B’s state.

Affected Software

NameVendorStart VersionEnd Version
Fast-uriOpenjsf*3.1.2 (excluding)
Red Hat Ansible Automation Platform 2.6 for RHEL 9RedHatautomation-platform-ui-0:2.6.10-1.el9ap*
Red Hat Enterprise Linux 10RedHatrh-podman-desktop-0:1.1.1-1.el10_2*
Cluster Observability Operator 1.5.0RedHatcluster-observability-operator/distributed-tracing-console-plugin-pf4-rhel9:1782840519*
Cluster Observability Operator 1.5.0RedHatcluster-observability-operator/distributed-tracing-console-plugin-pf5-rhel9:1782839981*
Cluster Observability Operator 1.5.0RedHatcluster-observability-operator/distributed-tracing-console-plugin-pf6-rhel9:1782839193*
Cluster Observability Operator 1.5.0RedHatcluster-observability-operator/distributed-tracing-console-plugin-rhel9:1782838753*
Cluster Observability Operator 1.5.0RedHatcluster-observability-operator/logging-console-plugin-pf4-rhel9:1782839279*
Cluster Observability Operator 1.5.0RedHatcluster-observability-operator/logging-console-plugin-pf5-rhel9:1782840539*
Cluster Observability Operator 1.5.0RedHatcluster-observability-operator/logging-console-plugin-rhel9:1782841925*
Cluster Observability Operator 1.5.0RedHatcluster-observability-operator/monitoring-console-plugin-rhel9:1782838476*
Cluster Observability Operator 1.5.0RedHatcluster-observability-operator/troubleshooting-panel-console-plugin-pf6-rhel9:1782839996*
Cluster Observability Operator 1.5.0RedHatcluster-observability-operator/troubleshooting-panel-console-plugin-rhel9:1782839494*
Multicluster engine for Kubernetes 2.11RedHatmulticluster-engine/console-mce-rhel9:1780910888*
Red Hat Advanced Cluster Management for Kubernetes 2.16RedHatrhacm2/console-rhel9:1780600823*
Red Hat Ansible Automation Platform 2.6RedHatansible-automation-platform-26/gateway-rhel9:1782761510*
Red Hat Ansible Automation Platform 2.6RedHatansible-automation-platform-tech-preview/mcp-server-rhel9:1782721130*
Red Hat Developer Hub 1.10RedHatrhdh/rhdh-hub-rhel9:1783448184*
Red Hat Developer Hub 1.9RedHatrhdh/rhdh-hub-rhel9:1781187342*
Red Hat Discovery 2RedHatdiscovery/discovery-ui-rhel9:1782166952*
Red Hat Edge Manager 1.0RedHatrhem/flightctl-ui-ocp-rhel9:1783502765*
Red Hat Edge Manager 1.0RedHatrhem/flightctl-ui-rhel9:1783502438*
Red Hat OpenShift Container Platform 4.19RedHatopenshift4/ose-monitoring-plugin-rhel9:1782880472*
Red Hat OpenShift Container Platform 4.20RedHatopenshift4/ose-monitoring-plugin-rhel9:1782313844*
Red Hat OpenShift Container Platform 4.21RedHatopenshift4/ose-monitoring-plugin-rhel9:1782308519*
Red Hat OpenShift Container Platform 4.21RedHatopenshift4/nmstate-console-plugin-rhel9:1782914001*
Red Hat OpenShift Container Platform 4.22RedHatopenshift4/ose-console-rhel9:1782224390*
Red Hat OpenShift Container Platform 4.22RedHatopenshift4/ose-monitoring-plugin-rhel9:1782224316*
Red Hat OpenShift Container Platform 4.22RedHatopenshift4/nmstate-console-plugin-rhel9:1782224099*
Red Hat Quay 3.10RedHatquay/quay-rhel8:1782487717*
Red Hat Quay 3.12RedHatquay/quay-rhel8:1781937357*
Red Hat Quay 3.9RedHatquay/quay-rhel8:1781878070*
Red Hat Satellite 6.18RedHatsatellite/iop-vulnerability-frontend-rhel9:1781032495*
Node-ajvUbuntuquesting*

References