RHSA-2026:34374HighCVSS 8.1

Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Container Release Update

Published
July 1, 2026
Last Modified
July 6, 2026

🔗 CVE IDs covered (12)

📋 Description

CVE-2026-6322 — fast-uri: fast-uri: URI authority bypass due to improper delimiter handling CVE-2026-8643 — python-pip: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite CVE-2026-33154 — dynaconf: jinja2: Dynaconf: Arbitrary code execution via Server-Side Template Injection CVE-2026-42338 — ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input CVE-2026-44293 — protobufjs: protobufjs: Arbitrary code execution due to unsafe expression generation from crafted protobuf descriptors CVE-2026-44431 — urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers CVE-2026-44432 — urllib3: urllib3: Denial of Service due to excessive HTTP response decompression CVE-2026-44487 — axios: Axios: Information disclosure of proxy credentials via redirect flows CVE-2026-44488 — axios: Axios: Denial of Service due to unenforced request and response size limits CVE-2026-44495 — axios: Axios: Information disclosure due to prototype pollution vulnerability CVE-2026-45736 — ws: ws: Uninitialized memory disclosure via websocket.close() with TypedArray CVE-2026-48526 — python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens

🔗 References (16)