Red Hat Product Errata RHSA-2026:18027 - Security Advisory Issued: 2026-05-18 Updated: 2026-05-18 RHSA-2026:18027 - Security Advisory Overview Updated Packages Synopsis Important: grafana-pcp security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for grafana-pcp is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fix(es): golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root (CVE-2026-32282) crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283) crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64 Fixes BZ - 2456336 - CVE-2026-32282 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root BZ - 2456338 - CVE-2026-32283 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages BZ - 2456339 - CVE-2026-32280 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building CVEs CVE-2026-32280 CVE-2026-32282 CVE-2026-32283 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 SRPM grafana-pcp-5.2.2-6.el10_0.src.rpm SHA-256: ba22b4e8ffc172777ad35efce692cf31f04ae081508a674446f3bc46ded66a5c x86_64 grafana-pcp-5.2.2-6.el10_0.x86_64.rpm SHA-256: 2d5013d49f4c3ccec81c510463228ec39f5c2ab97a4a135fce74e0b891620a26 grafana-pcp-debuginfo-5.2.2-6.el10_0.x86_64.rpm SHA-256: 09c887853f92a0fdb2badcaa2acad1d6dd693a5433ebfef3cdbf251db250795e grafana-pcp-debugsource-5.2.2-6.el10_0.x86_64.rpm SHA-256: e8e674af1fc1ea2d8fe71a27a41a6be7014e4f49f55eb4633e7a751074e6aec6 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 SRPM grafana-pcp-5.2.2-6.el10_0.src.rpm SHA-256: ba22b4e8ffc172777ad35efce692cf31f04ae081508a674446f3bc46ded66a5c s390x grafana-pcp-5.2.2-6.el10_0.s390x.rpm SHA-256: 2b8296f5d7d4982d969d4a12bb6da3a1fd3297f6fa619c3d8f4eb019b7759681 grafana-pcp-debuginfo-5.2.2-6.el10_0.s390x.rpm SHA-256: 33903990f93d0320d36a4f57f566289e1cbf0141a32cc5b99a6b6cee5ce1cab6 grafana-pcp-debugsource-5.2.2-6.el10_0.s390x.rpm SHA-256: 6b04c3cbdb74bae30d566c7bcd742d8b9eb9ff53bea450a6392900095341c3f0 Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 SRPM grafana-pcp-5.2.2-6.el10_0.src.rpm SHA-256: ba22b4e8ffc172777ad35efce692cf31f04ae081508a674446f3bc46ded66a5c ppc64le grafana-pcp-5.2.2-6.el10_0.ppc64le.rpm SHA-256: 7eaf5b7f62c964e5777234cbe2a85eb61d9dab418c04f1aff4c353a66bbee051 grafana-pcp-debuginfo-5.2.2-6.el10_0.ppc64le.rpm SHA-256: 544d8f626fbacdf717b321b45fb15fd6e9d0e9b7f2acf05cb2ec353e1d977a0c grafana-pcp-debugsource-5.2.2-6.el10_0.ppc64le.rpm SHA-256: d9107308f8b7c1cbc4fb27dafb83996953035dbc3a593b4e43004dc4728bd421 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 SRPM grafana-pcp-5.2.2-6.el10_0.src.rpm SHA-256: ba22b4e8ffc172777ad35efce692cf31f04ae081508a674446f3bc46ded66a5c aarch64 grafana-pcp-5.2.2-6.el10_0.aarch64.rpm SHA-256: 3514cff4154b275890fbaa5a4cc2a41ecde4ca4f55a9cfc1eae327b120997b08 grafana-pcp-debuginfo-5.2.2-6.el10_0.aarch64.rpm SHA-256: 7a584f7b0b9cbda2efb66dd476b89e1bdf849b2b180cbe1cbe3ca11a03fe7769 grafana-pcp-debugsource-5.2.2-6.el10_0.aarch64.rpm SHA-256: 9c46990a6e2083e85189ec6ca25931f6c8db7da31b40adbcc6625bb9549d57d0 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 SRPM grafana-pcp-5.2.2-6.el10_0.src.rpm SHA-256: ba22b4e8ffc172777ad35efce692cf31f04ae081508a674446f3bc46ded66a5c aarch64 grafana-pcp-5.2.2-6.el10_0.aarch64.rpm SHA-256: 3514cff4154b275890fbaa5a4cc2a41ecde4ca4f55a9cfc1eae327b120997b08 grafana-pcp-debuginfo-5.2.2-6.el10_0.aarch64.rpm SHA-256: 7a584f7b0b9cbda2efb66dd476b89e1bdf849b2b180cbe1cbe3ca11a03fe7769 grafana-pcp-debugsource-5.2.2-6.el10_0.aarch64.rpm SHA-256: 9c46990a6e2083e85189ec6ca25931f6c8db7da31b40adbcc6625bb9549d57d0 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 SRPM grafana-pcp-5.2.2-6.el10_0.src.rpm SHA-256: ba22b4e8ffc172777ad35efce692cf31f04ae081508a674446f3bc46ded66a5c s390x grafana-pcp-5.2.2-6.el10_0.s390x.rpm SHA-256: 2b8296f5d7d4982d969d4a12bb6da3a1fd3297f6fa619c3d8f4eb019b7759681 grafana-pcp-debuginfo-5.2.2-6.el10_0.s390x.rpm SHA-256: 33903990f93d0320d36a4f57f566289e1cbf0141a32cc5b99a6b6cee5ce1cab6 grafana-pcp-debugsource-5.2.2-6.el10_0.s390x.rpm SHA-256: 6b04c3cbdb74bae30d566c7bcd742d8b9eb9ff53bea450a6392900095341c3f0 Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 SRPM grafana-pcp-5.2.2-6.el10_0.src.rpm SHA-256: ba22b4e8ffc172777ad35efce692cf31f04ae081508a674446f3bc46ded66a5c ppc64le grafana-pcp-5.2.2-6.el10_0.ppc64le.rpm SHA-256: 7eaf5b7f62c964e5777234cbe2a85eb61d9dab418c04f1aff4c353a66bbee051 grafana-pcp-debuginfo-5.2.2-6.el10_0.ppc64le.rpm SHA-256: 544d8f626fbacdf717b321b45fb15fd6e9d0e9b7f2acf05cb2ec353e1d977a0c grafana-pcp-debugsource-5.2.2-6.el10_0.ppc64le.rpm SHA-256: d9107308f8b7c1cbc4fb27dafb83996953035dbc3a593b4e43004dc4728bd421 Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 SRPM grafana-pcp-5.2.2-6.el10_0.src.rpm SHA-256: ba22b4e8ffc172777ad35efce692cf31f04ae081508a674446f3bc46ded66a5c x86_64 grafana-pcp-5.2.2-6.el10_0.x86_64.rpm SHA-256: 2d5013d49f4c3ccec81c510463228ec39f5c2ab97a4a135fce74e0b891620a26 grafana-pcp-debuginfo-5.2.2-6.el10_0.x86_64.rpm SHA-256: 09c887853f92a0fdb2badcaa2acad1d6dd693a5433ebfef3cdbf251db250795e grafana-pcp-debugsource-5.2.2-6.el10_0.x86_64.rpm SHA-256: e8e674af1fc1ea2d8fe71a27a41a6be7014e4f49f55eb4633e7a751074e6aec6 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .