{ "schema_version": "1.7.0", "id": "RHSA-2026:24761", "related": [ "GO-2026-4947", "GO-2026-4864", "GO-2026-4870" ], "upstream": [ "CVE-2025-62718", "CVE-2026-4926", "CVE-2026-7246", "CVE-2026-26996", "CVE-2026-27904", "CVE-2026-30922", "CVE-2026-32280", "CVE-2026-32282", "CVE-2026-32283", "CVE-2026-33891", "CVE-2026-33894", "CVE-2026-33895", "CVE-2026-33896", "CVE-2026-39363", "CVE-2026-39892", "CVE-2026-40192" ], "published": "2026-06-10T10:07:59Z", "modified": "2026-06-11T10:08:50Z", "summary": "Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "affected": [ { "package": { "name": "automation-gateway-server", "ecosystem": "Red Hat:ansible_automation_platform:2.5::el8", "purl": "pkg:rpm/redhat/automation-gateway-server" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:2.5.20260422-3.el8ap" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "automation-gateway-server", "ecosystem": "Red Hat:ansible_automation_platform:2.5::el9", "purl": "pkg:rpm/redhat/automation-gateway-server" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:2.5.20260422-3.el9ap" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "python3.12-click", "ecosystem": "Red Hat:ansible_automation_platform_developer:2.5::el8", "purl": "pkg:rpm/redhat/python3.12-click" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:8.3.3-1.el8ap" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "python3.12-click", "ecosystem": "Red Hat:ansible_automation_platform_inside:2.5::el8", "purl": "pkg:rpm/redhat/python3.12-click" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:8.3.3-1.el8ap" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "python3.12-click", "ecosystem": "Red Hat:ansible_automation_platform:2.5::el8", "purl": "pkg:rpm/redhat/python3.12-click" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:8.3.3-1.el8ap" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "python3.12-click", "ecosystem": "Red Hat:ansible_automation_platform_developer:2.5::el9", "purl": "pkg:rpm/redhat/python3.12-click" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:8.3.3-1.el9ap" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "python3.12-click", "ecosystem": "Red Hat:ansible_automation_platform_inside:2.5::el9", "purl": "pkg:rpm/redhat/python3.12-click" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:8.3.3-1.el9ap" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "python3.12-click", "ecosystem": "Red Hat:ansible_automation_platform:2.5::el9", "purl": "pkg:rpm/redhat/python3.12-click" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:8.3.3-1.el9ap" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "automation-controller-venv-tower", "ecosystem": "Red Hat:ansible_automation_platform_developer:2.5::el8", "purl": "pkg:rpm/redhat/automation-controller-venv-tower" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:4.6.29-2.el8ap" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "automation-controller-venv-tower", "ecosystem": "Red Hat:ansible_automation_platform:2.5::el8", "purl": "pkg:rpm/redhat/automation-controller-venv-tower" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:4.6.29-2.el8ap" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "automation-controller-venv-tower", "ecosystem": "Red Hat:ansible_automation_platform_developer:2.5::el9", "purl": "pkg:rpm/redhat/automation-controller-venv-tower" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:4.6.29-2.el9ap" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "automation-controller-venv-tower", "ecosystem": "Red Hat:ansible_automation_platform:2.5::el9", "purl": "pkg:rpm/redhat/automation-controller-venv-tower" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:4.6.29-2.el9ap" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "receptor", "ecosystem": "Red Hat:ansible_automation_platform_developer:2.5::el8", "purl": "pkg:rpm/redhat/receptor" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:1.6.5-1.el8ap" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "receptor", "ecosystem": "Red Hat:ansible_automation_platform_inside:2.5::el8", "purl": "pkg:rpm/redhat/receptor" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:1.6.5-1.el8ap" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "automation-gateway-proxy-server", "ecosystem": "Red Hat:ansible_automation_platform:2.5::el8", "purl": "pkg:rpm/redhat/automation-gateway-proxy-server" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:2.5.10-6.el8ap" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "receptor", "ecosystem": "Red Hat:ansible_automation_platform:2.5::el8", "purl": "pkg:rpm/redhat/receptor" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:1.6.5-1.el8ap" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "receptor", "ecosystem": "Red Hat:ansible_automation_platform_developer:2.5::el9", "purl": "pkg:rpm/redhat/receptor" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:1.6.5-1.el9ap" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "receptor", "ecosystem": "Red Hat:ansible_automation_platform_inside:2.5::el9", "purl": "pkg:rpm/redhat/receptor" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:1.6.5-1.el9ap" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "automation-gateway-proxy-server", "ecosystem": "Red Hat:ansible_automation_platform:2.5::el9", "purl": "pkg:rpm/redhat/automation-gateway-proxy-server" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:2.6.14-3.el9ap" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "receptor", "ecosystem": "Red Hat:ansible_automation_platform:2.5::el9", "purl": "pkg:rpm/redhat/receptor" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:1.6.5-1.el9ap" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "python3.12-cryptography", "ecosystem": "Red Hat:ansible_automation_platform_developer:2.5::el8", "purl": "pkg:rpm/redhat/python3.12-cryptography" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:46.0.7-1.el8ap" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "python3.12-cryptography", "ecosystem": "Red Hat:ansible_automation_platform_inside:2.5::el8", "purl": "pkg:rpm/redhat/python3.12-cryptography" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:46.0.7-1.el8ap" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "python3.12-cryptography", "ecosystem": "Red Hat:ansible_automation_platform:2.5::el8", "purl": "pkg:rpm/redhat/python3.12-cryptography" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:46.0.7-1.el8ap" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "python3.12-cryptography", "ecosystem": "Red Hat:ansible_automation_platform_developer:2.5::el9", "purl": "pkg:rpm/redhat/python3.12-cryptography" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:46.0.7-1.el9ap" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "python3.12-cryptography", "ecosystem": "Red Hat:ansible_automation_platform_inside:2.5::el9", "purl": "pkg:rpm/redhat/python3.12-cryptography" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:46.0.7-1.el9ap" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "python3.12-cryptography", "ecosystem": "Red Hat:ansible_automation_platform:2.5::el9", "purl": "pkg:rpm/redhat/python3.12-cryptography" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:46.0.7-1.el9ap" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "python3.12-pillow", "ecosystem": "Red Hat:ansible_automation_platform:2.5::el8", "purl": "pkg:rpm/redhat/python3.12-pillow" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:12.2.0-1.el8ap" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "python3.12-pillow", "ecosystem": "Red Hat:ansible_automation_platform:2.5::el9", "purl": "pkg:rpm/redhat/python3.12-pillow" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:12.2.0-1.el9ap" } ], "type": "ECOSYSTEM" } ] } ], "references": [ { "type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2026:24761" }, { "type": "ARTICLE", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "type": "ARTICLE", "url": "https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/release_notes/patch_releases" }, { "type": "ARTICLE", "url": "https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5#Upgrading" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442922" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448553" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451867" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452450" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452457" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452458" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452464" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456179" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456735" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456913" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458856" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464121" }, { "type": "ADVISORY", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_24761.json" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2025-62718" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2025-62718" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62718" }, { "type": "ARTICLE", "url": "https://datatracker.ietf.org/doc/html/rfc1034#section-3.1" }, { "type": "ARTICLE", "url": "https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2" }, { "type": "ARTICLE", "url": "https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df" }, { "type": "ARTICLE", "url": "https://github.com/axios/axios/pull/10661" }, { "type": "ARTICLE", "url": "https://github.com/axios/axios/releases/tag/v1.15.0" }, { "type": "ARTICLE", "url": "https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2026-4926" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2026-4926" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4926" }, { "type": "ARTICLE", "url": "https://cna.openjsf.org/security-advisories.html" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2026-7246" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2026-7246" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7246" }, { "type": "ARTICLE", "url": "https://github.com/pallets/click/releases/tag/8.3.3" }, { "type": "ARTICLE", "url": "https://github.com/tsigouris007/security-advisories/security/advisories/GHSA-47fr-3ffg-hgmw" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2026-26996" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2026-26996" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996" }, { "type": "ARTICLE", "url": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5" }, { "type": "ARTICLE", "url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2026-27904" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2026-27904" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904" }, { "type": "ARTICLE", "url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2026-30922" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2026-30922" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30922" }, { "type": "ARTICLE", "url": "https://github.com/pyasn1/pyasn1/commit/25ad481c19fdb006e20485ef3fc2e5b3eff30ef0" }, { "type": "ARTICLE", "url": "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-jr27-m4p2-rc6r" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2026-32280" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2026-32280" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280" }, { "type": "ARTICLE", "url": "https://go.dev/cl/758320" }, { "type": "ARTICLE", "url": "https://go.dev/issue/78282" }, { "type": "ARTICLE", "url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU" }, { "type": "ADVISORY", "url": "https://pkg.go.dev/vuln/GO-2026-4947" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2026-32282" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2026-32282" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282" }, { "type": "ARTICLE", "url": "https://go.dev/cl/763761" }, { "type": "ARTICLE", "url": "https://go.dev/issue/78293" }, { "type": "ADVISORY", "url": "https://pkg.go.dev/vuln/GO-2026-4864" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2026-32283" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2026-32283" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283" }, { "type": "ARTICLE", "url": "https://go.dev/cl/763767" }, { "type": "ARTICLE", "url": "https://go.dev/issue/78334" }, { "type": "ADVISORY", "url": "https://pkg.go.dev/vuln/GO-2026-4870" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2026-33891" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2026-33891" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33891" }, { "type": "ARTICLE", "url": "https://github.com/digitalbazaar/forge/commit/9bb8d67b99d17e4ebb5fd7596cd699e11f25d023" }, { "type": "ARTICLE", "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2026-33894" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2026-33894" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33894" }, { "type": "ARTICLE", "url": "https://datatracker.ietf.org/doc/html/rfc2313#section-8" }, { "type": "ARTICLE", "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp" }, { "type": "ARTICLE", "url": "https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE" }, { "type": "ARTICLE", "url": "https://www.rfc-editor.org/rfc/rfc8017.html" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2026-33895" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2026-33895" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33895" }, { "type": "ARTICLE", "url": "https://datatracker.ietf.org/doc/html/rfc8032#section-8.4" }, { "type": "ARTICLE", "url": "https://github.com/digitalbazaar/forge/commit/bdecf11571c9f1a487cc0fe72fe78ff6dfa96b85" }, { "type": "ARTICLE", "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2026-33896" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2026-33896" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33896" }, { "type": "ARTICLE", "url": "https://github.com/digitalbazaar/forge/commit/2e492832fb25227e6b647cbe1ac981c123171e90" }, { "type": "ARTICLE", "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2026-39363" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2026-39363" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39363" }, { "type": "ARTICLE", "url": "https://github.com/vitejs/vite/security/advisories/GHSA-p9ff-h696-f583" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2026-39892" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2026-39892" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39892" }, { "type": "ARTICLE", "url": "http://www.openwall.com/lists/oss-security/2026/04/08/12" }, { "type": "ARTICLE", "url": "https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5" }, { "type": "ARTICLE", "url": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2026-40192" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2026-40192" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40192" }, { "type": "ARTICLE", "url": "https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628" }, { "type": "ARTICLE", "url": "https://github.com/python-pillow/Pillow/pull/9521" }, { "type": "ARTICLE", "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j" }, { "type": "ARTICLE", "url": "https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb" } ] }