Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Container Release Update

CVE-2025-69223 — aiohttp: AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb CVE-2025-69873 — ajv: ReDoS via $data reference CVE-2026-1615 — jsonpath: jsonpath: Arbitrary Code Execution via unsafe JSON Path expression evaluation CVE-2026-25639 — axios: Axios affected by Denial of Service via proto Key in mergeConfig CVE-2026-25990 — pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image CVE-2026-26007 — cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves CVE-2026-28498 — authlib: Authlib: Authentication bypass via forged OpenID Connect ID Tokens CVE-2026-28802 — authlib: Authlib: Signature verification bypass via malicious JWT allows unauthorized access CVE-2026-29074 — svgo: SVGO: Denial of Service via XML entity expansion CVE-2026-30827 — express-rate-limit: express-rate-limit: Denial of Service for IPv4 clients due to incorrect IPv6 subnet masking CVE-2026-30922 — pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion