Red Hat Product Errata RHSA-2026:8842 - Security Advisory Issued: 2026-04-20 Updated: 2026-04-20 RHSA-2026:8842 - Security Advisory Overview Updated Packages Synopsis Important: delve security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for delve is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Delve is a debugger for the Go programming language. The goal of the project is to provide a simple, full featured debugging tool for Go. Delve should be easy to invoke and easy to use. Chances are if you're using a debugger, things aren't going your way. With that in mind, Delve should stay out of your way as much as possible. Security Fix(es): crypto/x509: Incorrect enforcement of email constraints in crypto/x509 (CVE-2026-27137) net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 10 x86_64 Red Hat Enterprise Linux for Power, little endian 10 ppc64le Red Hat Enterprise Linux for ARM 64 10 aarch64 Fixes BZ - 2445345 - CVE-2026-27137 crypto/x509: Incorrect enforcement of email constraints in crypto/x509 BZ - 2445356 - CVE-2026-25679 net/url: Incorrect parsing of IPv6 host literals in net/url CVEs CVE-2026-25679 CVE-2026-27137 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 10 SRPM delve-1.25.2-3.el10_1.src.rpm SHA-256: 834de36372425d2f48efa3ed81f08bfa70040a5bf68d08099cfc657e5aa4a1c4 x86_64 delve-1.25.2-3.el10_1.x86_64.rpm SHA-256: 9380630e8867e0e03ed3f0821fe7eb930008a7905c41c3eed59af876d7d809e2 delve-debuginfo-1.25.2-3.el10_1.x86_64.rpm SHA-256: daedecf158fb56fc8ee807325ea4d40696a2183ac631213e315db12f05a4bcdf delve-debugsource-1.25.2-3.el10_1.x86_64.rpm SHA-256: 3b9fce421bd0adbbe69761fa2f9ea02a521ca67cc9e38c0d42d3b2dd58fd070c Red Hat Enterprise Linux for Power, little endian 10 SRPM delve-1.25.2-3.el10_1.src.rpm SHA-256: 834de36372425d2f48efa3ed81f08bfa70040a5bf68d08099cfc657e5aa4a1c4 ppc64le delve-1.25.2-3.el10_1.ppc64le.rpm SHA-256: c23f2a14712ab2211f24afed643bc14eff0e7abb05a6c0a89544088b59fabacb delve-debuginfo-1.25.2-3.el10_1.ppc64le.rpm SHA-256: 0b2f3871808e218ff6b2a5510561539853fced6628db549dbe8adea463327f44 delve-debugsource-1.25.2-3.el10_1.ppc64le.rpm SHA-256: 85d5df0031d88edc5725c5355a45e46c6a6ee7cf51197ab751b735ded1b1641f Red Hat Enterprise Linux for ARM 64 10 SRPM delve-1.25.2-3.el10_1.src.rpm SHA-256: 834de36372425d2f48efa3ed81f08bfa70040a5bf68d08099cfc657e5aa4a1c4 aarch64 delve-1.25.2-3.el10_1.aarch64.rpm SHA-256: e4482047f7f91b3b33e914f4d988a87e6705ba3cf462ff68dd1b69658f9d48a5 delve-debuginfo-1.25.2-3.el10_1.aarch64.rpm SHA-256: 2a6b8f1b6b618f9de0a59da375b89a2dad9b477e1c43253b8d97ca63fd6b22ac delve-debugsource-1.25.2-3.el10_1.aarch64.rpm SHA-256: fd659543287ec691e1a8ea884d231f98b76ca82443e129a796a4f58325f7dc38 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .