Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Product Security and Bug Fix Update
🔗 CVE IDs covered (10)
📋 Description
CVE-2026-6322 — fast-uri: fast-uri: URI authority bypass due to improper delimiter handling CVE-2026-33154 — dynaconf: jinja2: Dynaconf: Arbitrary code execution via Server-Side Template Injection CVE-2026-41240 — DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization CVE-2026-42035 — axios: Axios: Arbitrary HTTP header injection via prototype pollution CVE-2026-44293 — protobufjs: protobufjs: Arbitrary code execution due to unsafe expression generation from crafted protobuf descriptors CVE-2026-44431 — urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers CVE-2026-44432 — urllib3: urllib3: Denial of Service due to excessive HTTP response decompression CVE-2026-44488 — axios: Axios: Denial of Service due to unenforced request and response size limits CVE-2026-44495 — axios: Axios: Information disclosure due to prototype pollution vulnerability CVE-2026-48526 — python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens
🔗 References (15)
- selfhttps://access.redhat.com/errata/RHSA-2026:34160
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/whats_new-async_updates
- externalhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6#Upgrade
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2449774
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2461147
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2461606
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2466684
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2477104
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2477154
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2477167
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2482734
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2487937
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2487949
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_34160.json