A vulnerability (CVE-2026-25679, CVSS 7.5 High) in the grafana-pcp plugin for Red Hat Enterprise Linux 10.0 EUS involves incorrect parsing of IPv6 host literals in the net/url library, which could be exploited to manipulate URL handling. The security update addresses this issue in the grafana-pcp packages.
Red Hat Product Errata RHSA-2026:8931 - Security Advisory Issued: 2026-04-20 Updated: 2026-04-20 RHSA-2026:8931 - Security Advisory Overview Updated Packages Synopsis Important: grafana-pcp security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for grafana-pcp is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fix(es): net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64 Fixes BZ - 2445356 - CVE-2026-25679 net/url: Incorrect parsing of IPv6 host literals in net/url CVEs CVE-2026-25679 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 SRPM grafana-pcp-5.2.2-5.el10_0.src.rpm SHA-256: 77e9782ce68675657446156865f82d199e59515b31890199a0986aaf8fbdd416 x86_64 grafana-pcp-5.2.2-5.el10_0.x86_64.rpm SHA-256: adab3ada656781bfea8f618915e3f53ee06634fc407e82128f4dacf0481730ea grafana-pcp-debuginfo-5.2.2-5.el10_0.x86_64.rpm SHA-256: b41fba01584c59282335c3e230fd797ace93a3c65cfc490a17f9e82b5a14e84d grafana-pcp-debugsource-5.2.2-5.el10_0.x86_64.rpm SHA-256: 78ebf6c5acd212f97bc800ed29363f27460ee987d0faddcb11c304e4574ba60e Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 SRPM grafana-pcp-5.2.2-5.el10_0.src.rpm SHA-256: 77e9782ce68675657446156865f82d199e59515b31890199a0986aaf8fbdd416 s390x grafana-pcp-5.2.2-5.el10_0.s390x.rpm SHA-256: 87ceafc657138045d85e60da59c970a631828cb848027c8399eff2e623544bb2 grafana-pcp-debuginfo-5.2.2-5.el10_0.s390x.rpm SHA-256: 1805fc49fb4e398b9e7375a2c81b94a19f45d68461ba90b4016594ca8a495942 grafana-pcp-debugsource-5.2.2-5.el10_0.s390x.rpm SHA-256: 4f50ab2e68caac1617e7ae00239ecdd48a329f820e7a9aa55b20f7b4dcc4da72 Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 SRPM grafana-pcp-5.2.2-5.el10_0.src.rpm SHA-256: 77e9782ce68675657446156865f82d199e59515b31890199a0986aaf8fbdd416 ppc64le grafana-pcp-5.2.2-5.el10_0.ppc64le.rpm SHA-256: bf46c900a6f58df8c9954bf244498f689f5b6d3297cc109b6307f8c902aff606 grafana-pcp-debuginfo-5.2.2-5.el10_0.ppc64le.rpm SHA-256: 805dd2ab0252b8ad7f4d38c608b7cfaa75d4a20920e65b4642791ff4b72403ac grafana-pcp-debugsource-5.2.2-5.el10_0.ppc64le.rpm SHA-256: 24b23eea78e15d38f8de53b995b13c0e27a217f943600ecdc78e0dafe0662027 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 SRPM grafana-pcp-5.2.2-5.el10_0.src.rpm SHA-256: 77e9782ce68675657446156865f82d199e59515b31890199a0986aaf8fbdd416 aarch64 grafana-pcp-5.2.2-5.el10_0.aarch64.rpm SHA-256: 7b8c8f34f297bffd70b8f1287f32567f714e7c165fce6d71b2c7f895fbaae72c grafana-pcp-debuginfo-5.2.2-5.el10_0.aarch64.rpm SHA-256: 96df7e25c55d86583b402863e719655217b5204f46c9e6524cbaab88cd9d8155 grafana-pcp-debugsource-5.2.2-5.el10_0.aarch64.rpm SHA-256: da818e6d4305550c54e0b42c8df4f5364554d8d842f310e83a2a8e981321b815 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 SRPM grafana-pcp-5.2.2-5.el10_0.src.rpm SHA-256: 77e9782ce68675657446156865f82d199e59515b31890199a0986aaf8fbdd416 aarch64 grafana-pcp-5.2.2-5.el10_0.aarch64.rpm SHA-256: 7b8c8f34f297bffd70b8f1287f32567f714e7c165fce6d71b2c7f895fbaae72c grafana-pcp-debuginfo-5.2.2-5.el10_0.aarch64.rpm SHA-256: 96df7e25c55d86583b402863e719655217b5204f46c9e6524cbaab88cd9d8155 grafana-pcp-debugsource-5.2.2-5.el10_0.aarch64.rpm SHA-256: da818e6d4305550c54e0b42c8df4f5364554d8d842f310e83a2a8e981321b815 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 SRPM grafana-pcp-5.2.2-5.el10_0.src.rpm SHA-256: 77e9782ce68675657446156865f82d199e59515b31890199a0986aaf8fbdd416 s390x grafana-pcp-5.2.2-5.el10_0.s390x.rpm SHA-256: 87ceafc657138045d85e60da59c970a631828cb848027c8399eff2e623544bb2 grafana-pcp-debuginfo-5.2.2-5.el10_0.s390x.rpm SHA-256: 1805fc49fb4e398b9e7375a2c81b94a19f45d68461ba90b4016594ca8a495942 grafana-pcp-debugsource-5.2.2-5.el10_0.s390x.rpm SHA-256: 4f50ab2e68caac1617e7ae00239ecdd48a329f820e7a9aa55b20f7b4dcc4da72 Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 SRPM grafana-pcp-5.2.2-5.el10_0.src.rpm SHA-256: 77e9782ce68675657446156865f82d199e59515b31890199a0986aaf8fbdd416 ppc64le grafana-pcp-5.2.2-5.el10_0.ppc64le.rpm SHA-256: bf46c900a6f58df8c9954bf244498f689f5b6d3297cc109b6307f8c902aff606 grafana-pcp-debuginfo-5.2.2-5.el10_0.ppc64le.rpm SHA-256: 805dd2ab0252b8ad7f4d38c608b7cfaa75d4a20920e65b4642791ff4b72403ac grafana-pcp-debugsource-5.2.2-5.el10_0.ppc64le.rpm SHA-256: 24b23eea78e15d38f8de53b995b13c0e27a217f943600ecdc78e0dafe0662027 Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 SRPM grafana-pcp-5.2.2-5.el10_0.src.rpm SHA-256: 77e9782ce68675657446156865f82d199e59515b31890199a0986aaf8fbdd416 x86_64 grafana-pcp-5.2.2-5.el10_0.x86_64.rpm SHA-256: adab3ada656781bfea8f618915e3f53ee06634fc407e82128f4dacf0481730ea grafana-pcp-debuginfo-5.2.2-5.el10_0.x86_64.rpm SHA-256: b41fba01584c59282335c3e230fd797ace93a3c65cfc490a17f9e82b5a14e84d grafana-pcp-debugsource-5.2.2-5.el10_0.x86_64.rpm SHA-256: 78ebf6c5acd212f97bc800ed29363f27460ee987d0faddcb11c304e4574ba60e The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .