Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Container Release Update
🔗 CVE IDs covered (12)
📋 Description
CVE-2026-6322 — fast-uri: fast-uri: URI authority bypass due to improper delimiter handling
CVE-2026-8643 — python-pip: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite
CVE-2026-33154 — dynaconf: jinja2: Dynaconf: Arbitrary code execution via Server-Side Template Injection
CVE-2026-42338 — ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input
CVE-2026-44293 — protobufjs: protobufjs: Arbitrary code execution due to unsafe expression generation from crafted protobuf descriptors
CVE-2026-44431 — urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers
CVE-2026-44432 — urllib3: urllib3: Denial of Service due to excessive HTTP response decompression
CVE-2026-44487 — axios: Axios: Information disclosure of proxy credentials via redirect flows
CVE-2026-44488 — axios: Axios: Denial of Service due to unenforced request and response size limits
CVE-2026-44495 — axios: Axios: Information disclosure due to prototype pollution vulnerability
CVE-2026-45736 — ws: ws: Uninitialized memory disclosure via websocket.close() with TypedArray
CVE-2026-48526 — python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens
🔗 References (16)
- selfhttps://access.redhat.com/errata/RHSA-2026:34374
- externalhttps://access.redhat.com/security/cve/CVE-2026-33154
- externalhttps://access.redhat.com/security/cve/CVE-2026-42338
- externalhttps://access.redhat.com/security/cve/CVE-2026-44293
- externalhttps://access.redhat.com/security/cve/CVE-2026-44431
- externalhttps://access.redhat.com/security/cve/CVE-2026-44432
- externalhttps://access.redhat.com/security/cve/CVE-2026-44487
- externalhttps://access.redhat.com/security/cve/CVE-2026-44488
- externalhttps://access.redhat.com/security/cve/CVE-2026-44495
- externalhttps://access.redhat.com/security/cve/CVE-2026-45736
- externalhttps://access.redhat.com/security/cve/CVE-2026-48526
- externalhttps://access.redhat.com/security/cve/CVE-2026-6322
- externalhttps://access.redhat.com/security/cve/CVE-2026-8643
- externalhttps://access.redhat.com/security/updates/classification/
- externalhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/whats_new-async_updates
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_34374.json