Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Container Release Update
🔗 CVE IDs covered (14)
📋 Description
CVE-2025-62718 — axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization CVE-2026-4926 — path-to-regexp: path-to-regexp: Denial of Service via crafted regular expressions CVE-2026-6321 — fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies CVE-2026-23490 — pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID CVE-2026-28390 — openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing CVE-2026-28684 — python-dotenv: python-dotenv: Arbitrary file overwrite via symbolic link following CVE-2026-33154 — dynaconf: jinja2: Dynaconf: Arbitrary code execution via Server-Side Template Injection CVE-2026-39363 — Vite: Vite: Information disclosure via WebSocket connection bypasses access control CVE-2026-39364 — vite: Vite: Information disclosure via query parameter manipulation on the development server CVE-2026-39892 — cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API CVE-2026-40192 — Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing CVE-2026-40217 — LiteLLM: LiteLLM: Arbitrary Code Execution via bytecode rewriting CVE-2026-41140 — poetry: Poetry: Path traversal vulnerability allows arbitrary file write via malicious package extraction CVE-2026-48710 — starlette: Starlette: Security restriction bypass via malformed HTTP Host header
🔗 References (18)
- selfhttps://access.redhat.com/errata/RHSA-2026:24866
- externalhttps://access.redhat.com/security/cve/CVE-2025-62718
- externalhttps://access.redhat.com/security/cve/CVE-2026-23490
- externalhttps://access.redhat.com/security/cve/CVE-2026-28390
- externalhttps://access.redhat.com/security/cve/CVE-2026-28684
- externalhttps://access.redhat.com/security/cve/CVE-2026-33154
- externalhttps://access.redhat.com/security/cve/CVE-2026-39363
- externalhttps://access.redhat.com/security/cve/CVE-2026-39364
- externalhttps://access.redhat.com/security/cve/CVE-2026-39892
- externalhttps://access.redhat.com/security/cve/CVE-2026-40192
- externalhttps://access.redhat.com/security/cve/CVE-2026-40217
- externalhttps://access.redhat.com/security/cve/CVE-2026-41140
- externalhttps://access.redhat.com/security/cve/CVE-2026-48710
- externalhttps://access.redhat.com/security/cve/CVE-2026-4926
- externalhttps://access.redhat.com/security/cve/CVE-2026-6321
- externalhttps://access.redhat.com/security/updates/classification/
- externalhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/whats_new-async_updates
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_24866.json