RHSA-2026:24866CriticalCVSS 8.8

Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Container Release Update

Published
June 9, 2026
Last Modified
July 1, 2026

🔗 CVE IDs covered (14)

📋 Description

CVE-2025-62718 — axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization CVE-2026-4926 — path-to-regexp: path-to-regexp: Denial of Service via crafted regular expressions CVE-2026-6321 — fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies CVE-2026-23490 — pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID CVE-2026-28390 — openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing CVE-2026-28684 — python-dotenv: python-dotenv: Arbitrary file overwrite via symbolic link following CVE-2026-33154 — dynaconf: jinja2: Dynaconf: Arbitrary code execution via Server-Side Template Injection CVE-2026-39363 — Vite: Vite: Information disclosure via WebSocket connection bypasses access control CVE-2026-39364 — vite: Vite: Information disclosure via query parameter manipulation on the development server CVE-2026-39892 — cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API CVE-2026-40192 — Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing CVE-2026-40217 — LiteLLM: LiteLLM: Arbitrary Code Execution via bytecode rewriting CVE-2026-41140 — poetry: Poetry: Path traversal vulnerability allows arbitrary file write via malicious package extraction CVE-2026-48710 — starlette: Starlette: Security restriction bypass via malformed HTTP Host header

🔗 References (18)