RHSA-2026:34160HighCVSS 8.1

Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Product Security and Bug Fix Update

Published
July 1, 2026
Last Modified
July 6, 2026

🔗 CVE IDs covered (10)

📋 Description

CVE-2026-6322 — fast-uri: fast-uri: URI authority bypass due to improper delimiter handling CVE-2026-33154 — dynaconf: jinja2: Dynaconf: Arbitrary code execution via Server-Side Template Injection CVE-2026-41240 — DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization CVE-2026-42035 — axios: Axios: Arbitrary HTTP header injection via prototype pollution CVE-2026-44293 — protobufjs: protobufjs: Arbitrary code execution due to unsafe expression generation from crafted protobuf descriptors CVE-2026-44431 — urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers CVE-2026-44432 — urllib3: urllib3: Denial of Service due to excessive HTTP response decompression CVE-2026-44488 — axios: Axios: Denial of Service due to unenforced request and response size limits CVE-2026-44495 — axios: Axios: Information disclosure due to prototype pollution vulnerability CVE-2026-48526 — python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens

🔗 References (15)