Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update
🔗 CVE IDs covered (16)
📋 Description
CVE-2025-62718 — axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization CVE-2026-4926 — path-to-regexp: path-to-regexp: Denial of Service via crafted regular expressions CVE-2026-7246 — github.com/pallets/click: Pallets Click: Arbitrary command execution via command injection in click.edit() CVE-2026-26996 — minimatch: minimatch: Denial of Service via specially crafted glob patterns CVE-2026-27904 — minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions CVE-2026-30922 — pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion CVE-2026-32280 — crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building CVE-2026-32282 — golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root CVE-2026-32283 — crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages CVE-2026-33891 — node-forge: node-forge: Denial of Service via infinite loop in BigInteger.modInverse() CVE-2026-33894 — node-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification CVE-2026-33895 — node-forge: Forge: Authentication bypass via forged Ed25519 cryptographic signatures CVE-2026-33896 — node-forge: Forge (node-forge): Certificate validation bypass allows unauthorized certificate issuance CVE-2026-39363 — Vite: Vite: Information disclosure via WebSocket connection bypasses access control CVE-2026-39892 — cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API CVE-2026-40192 — Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing
🔗 References (21)
- selfhttps://access.redhat.com/errata/RHSA-2026:24761
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/release_notes/patch_releases
- externalhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5#Upgrading
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2441268
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2442922
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2448553
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2451867
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2452450
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2452457
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2452458
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2452464
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2456179
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2456336
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2456338
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2456339
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2456735
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2456913
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2458856
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2464121
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_24761.json