RHSA-2026:24762HighCVSS 9.0

Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Product Security and Bug Fix Update

Published
June 9, 2026
Last Modified
July 6, 2026

🔗 CVE IDs covered (12)

📋 Description

CVE-2026-4800 — lodash: lodash: Arbitrary code execution via untrusted input in template imports CVE-2026-4926 — path-to-regexp: path-to-regexp: Denial of Service via crafted regular expressions CVE-2026-7246 — github.com/pallets/click: Pallets Click: Arbitrary command execution via command injection in click.edit() CVE-2026-30922 — pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion CVE-2026-32280 — crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building CVE-2026-32282 — golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root CVE-2026-32283 — crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages CVE-2026-33891 — node-forge: node-forge: Denial of Service via infinite loop in BigInteger.modInverse() CVE-2026-39363 — Vite: Vite: Information disclosure via WebSocket connection bypasses access control CVE-2026-39892 — cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API CVE-2026-40175 — axios: Axios: Remote Code Execution via Prototype Pollution escalation CVE-2026-40192 — Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing

🔗 References (17)