This Important security update for rhc-worker-playbook addresses two High-severity vulnerabilities (CVE-2026-27137 and CVE-2026-25679, both CVSS 7.5) in its underlying Go components: an incorrect enforcement of email constraints in crypto/x509 and an incorrect parsing of IPv6 host literals in net/url. The affected component, golang go, is vulnerable in versions prior to 1.25.8 and also in version 1.26.0. The fix is included in the provided rhc-worker-playbook package update for Red Hat Enterprise Linux 10.0 Extended Update Support.
Red Hat Product Errata RHSA-2026:10929 - Security Advisory Issued: 2026-04-27 Updated: 2026-04-27 RHSA-2026:10929 - Security Advisory Overview Updated Packages Synopsis Important: rhc-worker-playbook security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for rhc-worker-playbook is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description A worker for yggdrasil that receives Ansible playbooks and executes them against the local host. Security Fix(es): crypto/x509: Incorrect enforcement of email constraints in crypto/x509 (CVE-2026-27137) net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64 Fixes BZ - 2445345 - CVE-2026-27137 crypto/x509: Incorrect enforcement of email constraints in crypto/x509 BZ - 2445356 - CVE-2026-25679 net/url: Incorrect parsing of IPv6 host literals in net/url CVEs CVE-2026-25679 CVE-2026-27137 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 SRPM rhc-worker-playbook-0.2.3-4.el10_0.src.rpm SHA-256: d9be9308dd1c345221b874eba2784cfa09b6d723b35edf71962940e291bade6d x86_64 rhc-worker-playbook-0.2.3-4.el10_0.x86_64.rpm SHA-256: 52a7396a8144a9ba5c4deb9b3ca822779e39c92445069a912034da4f91519334 rhc-worker-playbook-debuginfo-0.2.3-4.el10_0.x86_64.rpm SHA-256: 1a68662d911b4b8bc293798b5b3e1ba526494b033e66a56cbd6550c72392e97c rhc-worker-playbook-debugsource-0.2.3-4.el10_0.x86_64.rpm SHA-256: 76d68e1a18e3192a8e742198ad9fb838fa24c4bf8fd234b416d84e2080634668 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 SRPM rhc-worker-playbook-0.2.3-4.el10_0.src.rpm SHA-256: d9be9308dd1c345221b874eba2784cfa09b6d723b35edf71962940e291bade6d s390x rhc-worker-playbook-0.2.3-4.el10_0.s390x.rpm SHA-256: f836054cf766aa6de6a6bc17aab27ba03fd4bd0238f6fb6d3213614396b2e5f7 rhc-worker-playbook-debuginfo-0.2.3-4.el10_0.s390x.rpm SHA-256: 06a317177338142a90dcd2d177a7a8121639c6d09f1c7149b3573475c8bdc0e3 rhc-worker-playbook-debugsource-0.2.3-4.el10_0.s390x.rpm SHA-256: 89d3a89322f7c93c4b2268c17436924719cf182c69cb2cfbde17cc130d4bfda7 Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 SRPM rhc-worker-playbook-0.2.3-4.el10_0.src.rpm SHA-256: d9be9308dd1c345221b874eba2784cfa09b6d723b35edf71962940e291bade6d ppc64le rhc-worker-playbook-0.2.3-4.el10_0.ppc64le.rpm SHA-256: 017b59fe7901a534fdeffb4734fed66bf63568748e2c12825676f14941be76cb rhc-worker-playbook-debuginfo-0.2.3-4.el10_0.ppc64le.rpm SHA-256: 45569801aaca4e417ee903a9282152c5222f4ecbd9245c7e4e567e4502e632ef rhc-worker-playbook-debugsource-0.2.3-4.el10_0.ppc64le.rpm SHA-256: 3310f19acd3b22a0384bd61f59f2cf5d3eb4a67477939c7f7dbb7f490fb9c55c Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 SRPM rhc-worker-playbook-0.2.3-4.el10_0.src.rpm SHA-256: d9be9308dd1c345221b874eba2784cfa09b6d723b35edf71962940e291bade6d aarch64 rhc-worker-playbook-0.2.3-4.el10_0.aarch64.rpm SHA-256: e243223939ca8dd44226c7b7d665761d09d1e3586ae809dab4e88f9848b3bcc7 rhc-worker-playbook-debuginfo-0.2.3-4.el10_0.aarch64.rpm SHA-256: 996d47c3cfe21b9072a9cbaa3b0a450df3979b4b40f25bca1f460a36aff98d44 rhc-worker-playbook-debugsource-0.2.3-4.el10_0.aarch64.rpm SHA-256: 260504142d1e5ffb9d9888acf0c3af7290c2a1c481d9311d5361daa0f4721e07 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 SRPM rhc-worker-playbook-0.2.3-4.el10_0.src.rpm SHA-256: d9be9308dd1c345221b874eba2784cfa09b6d723b35edf71962940e291bade6d aarch64 rhc-worker-playbook-0.2.3-4.el10_0.aarch64.rpm SHA-256: e243223939ca8dd44226c7b7d665761d09d1e3586ae809dab4e88f9848b3bcc7 rhc-worker-playbook-debuginfo-0.2.3-4.el10_0.aarch64.rpm SHA-256: 996d47c3cfe21b9072a9cbaa3b0a450df3979b4b40f25bca1f460a36aff98d44 rhc-worker-playbook-debugsource-0.2.3-4.el10_0.aarch64.rpm SHA-256: 260504142d1e5ffb9d9888acf0c3af7290c2a1c481d9311d5361daa0f4721e07 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 SRPM rhc-worker-playbook-0.2.3-4.el10_0.src.rpm SHA-256: d9be9308dd1c345221b874eba2784cfa09b6d723b35edf71962940e291bade6d s390x rhc-worker-playbook-0.2.3-4.el10_0.s390x.rpm SHA-256: f836054cf766aa6de6a6bc17aab27ba03fd4bd0238f6fb6d3213614396b2e5f7 rhc-worker-playbook-debuginfo-0.2.3-4.el10_0.s390x.rpm SHA-256: 06a317177338142a90dcd2d177a7a8121639c6d09f1c7149b3573475c8bdc0e3 rhc-worker-playbook-debugsource-0.2.3-4.el10_0.s390x.rpm SHA-256: 89d3a89322f7c93c4b2268c17436924719cf182c69cb2cfbde17cc130d4bfda7 Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 SRPM rhc-worker-playbook-0.2.3-4.el10_0.src.rpm SHA-256: d9be9308dd1c345221b874eba2784cfa09b6d723b35edf71962940e291bade6d ppc64le rhc-worker-playbook-0.2.3-4.el10_0.ppc64le.rpm SHA-256: 017b59fe7901a534fdeffb4734fed66bf63568748e2c12825676f14941be76cb rhc-worker-playbook-debuginfo-0.2.3-4.el10_0.ppc64le.rpm SHA-256: 45569801aaca4e417ee903a9282152c5222f4ecbd9245c7e4e567e4502e632ef rhc-worker-playbook-debugsource-0.2.3-4.el10_0.ppc64le.rpm SHA-256: 3310f19acd3b22a0384bd61f59f2cf5d3eb4a67477939c7f7dbb7f490fb9c55c Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 SRPM rhc-worker-playbook-0.2.3-4.el10_0.src.rpm SHA-256: d9be9308dd1c345221b874eba2784cfa09b6d723b35edf71962940e291bade6d x86_64 rhc-worker-playbook-0.2.3-4.el10_0.x86_64.rpm SHA-256: 52a7396a8144a9ba5c4deb9b3ca822779e39c92445069a912034da4f91519334 rhc-worker-playbook-debuginfo-0.2.3-4.el10_0.x86_64.rpm SHA-256: 1a68662d911b4b8bc293798b5b3e1ba526494b033e66a56cbd6550c72392e97c rhc-worker-playbook-debugsource-0.2.3-4.el10_0.x86_64.rpm SHA-256: 76d68e1a18e3192a8e742198ad9fb838fa24c4bf8fd234b416d84e2080634668 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .