CVE-2026-32286

high Red Hat
CVSS v3 Base Score
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.1%
Exploitation probability in 30 days
Top 80% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Confidentiality
None
Integrity
None
Availability
High
Published: March 26, 2026 (106 days ago)
Last Modified: March 26, 2026
Vendor: Red Hat
Fix Available: ✓ Yes
Source: REDHAT

Description

The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic.

CWE

CWE-1285

Affected Products

Assisted Installer for Red Hat OpenShift Container Platform 2Multicluster Engine for KubernetesMulticluster Global HubRed Hat Advanced Cluster Management for Kubernetes 2Red Hat Advanced Cluster Security 4Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat Hardened ImagesRed Hat OpenShift AI (RHOAI)

Fix Status

✅ Fix Available

References