RHSA-2026:13512 · High · CVSS 9.1

Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update

Published: May 4, 2026
Last Modified: May 29, 2026

🔗 CVE IDs covered (12)

CVE-2026-27459 · pending
CVE-2026-27606 · pending
CVE-2026-29074 · pending
CVE-2026-39373
CVE-2025-69873
CVE-2026-6266
CVE-2026-26007
CVE-2026-30922
CVE-2026-32597
CVE-2025-69534 · pending
CVE-2026-23490
CVE-2026-25679

📋 Description

CVE-2025-69534 — python-markdown: denial of service via malformed HTML-like sequences
CVE-2025-69873 — ajv: ReDoS via $data reference
CVE-2026-6266 — aap-controller: aap-gateway: Account hijacking and unauthorized access via unverified email linking
CVE-2026-23490 — pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID
CVE-2026-25679 — net/url: Incorrect parsing of IPv6 host literals in net/url
CVE-2026-26007 — cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves
CVE-2026-27459 — pyOpenSSL: DTLS cookie callback buffer overflow
CVE-2026-27606 — rollup: Rollup: Remote Code Execution via Path Traversal Vulnerability
CVE-2026-29074 — svgo: SVGO: Denial of Service via XML entity expansion
CVE-2026-30922 — pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion
CVE-2026-32597 — pyjwt: PyJWT accepts unknown crit header extensions (RFC 7515 §4.1.11 MUST violation)
CVE-2026-39373 — JWCrypto: python-cryptography: python: JWCrypto: Memory exhaustion via crafted compressed JWE tokens

🔗 References (17)