Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-44431 (GCVE-0-2026-44431)
Vulnerability from cvelistv5 – Published: 2026-05-13 15:20 – Updated: 2026-06-26 11:01
VLAI
EPSS
Title
urllib3: Sensitive headers forwarded across origins in proxied low-level redirects
Summary
urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/urllib3/urllib3/security/advis… | x_refsource_CONFIRM |
| https://lists.debian.org/debian-lts-announce/2026… |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44431",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T16:51:26.677054Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T17:17:07.339Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-06-26T11:01:19.373Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2026/06/msg00040.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "urllib3",
"vendor": "urllib3",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.23, \u003c 2.7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T15:20:24.588Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc"
}
],
"source": {
"advisory": "GHSA-qccp-gfcp-xxvc",
"discovery": "UNKNOWN"
},
"title": "urllib3: Sensitive headers forwarded across origins in proxied low-level redirects"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-44431",
"datePublished": "2026-05-13T15:20:24.588Z",
"dateReserved": "2026-05-06T14:40:00.954Z",
"dateUpdated": "2026-06-26T11:01:19.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-44431",
"date": "2026-07-02",
"epss": "0.00527",
"percentile": "0.40683"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-44431\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-05-13T16:16:57.150\",\"lastModified\":\"2026-06-26T12:16:32.423\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.\"}],\"affected\":[{\"source\":\"security-advisories@github.com\",\"affectedData\":[{\"vendor\":\"urllib3\",\"product\":\"urllib3\",\"versions\":[{\"version\":\"\u003e= 1.23, \u003c 2.7.0\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-05-13T16:51:26.677054Z\",\"id\":\"CVE-2026-44431\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:urllib3:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.23\",\"versionEndExcluding\":\"2.7.0\",\"matchCriteriaId\":\"FEC8DBA3-7985-45C5-A453-F83EC4BD18DA\"}]}]}],\"references\":[{\"url\":\"https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2026/06/msg00040.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2026/06/msg00040.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2026-06-26T11:01:19.373Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-44431\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-13T16:51:26.677054Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-13T17:15:24.639Z\"}}], \"cna\": {\"title\": \"urllib3: Sensitive headers forwarded across origins in proxied low-level redirects\", \"source\": {\"advisory\": \"GHSA-qccp-gfcp-xxvc\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"urllib3\", \"product\": \"urllib3\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 1.23, \u003c 2.7.0\"}]}], \"references\": [{\"url\": \"https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\", \"name\": \"https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-200\", \"description\": \"CWE-200: Exposure of Sensitive Information to an Unauthorized Actor\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-05-13T15:20:24.588Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-44431\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-26T11:01:19.373Z\", \"dateReserved\": \"2026-05-06T14:40:00.954Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-05-13T15:20:24.588Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
SUSE-SU-2026:21741-1
Vulnerability from csaf_suse - Published: 2026-05-21 12:33 - Updated: 2026-05-21 12:33Summary
Security update for python-urllib3
Severity
Important
Notes
Title of the patch: Security update for python-urllib3
Description of the patch: This update for python-urllib3 fixes the following issue
- CVE-2026-44431: sensitive information disclosure due to sensitive headers being forwarded across origins in proxied
low-level redirects (bsc#1265267).
Patchnames: SUSE-SLE-Micro-6.1-542
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:python311-urllib3-2.1.0-slfo.1.1_5.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-urllib3",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-urllib3 fixes the following issue\n\n- CVE-2026-44431: sensitive information disclosure due to sensitive headers being forwarded across origins in proxied\n low-level redirects (bsc#1265267).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-542",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21741-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21741-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621741-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21741-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-May/046707.html"
},
{
"category": "self",
"summary": "SUSE Bug 1265267",
"url": "https://bugzilla.suse.com/1265267"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-44431 page",
"url": "https://www.suse.com/security/cve/CVE-2026-44431/"
}
],
"title": "Security update for python-urllib3",
"tracking": {
"current_release_date": "2026-05-21T12:33:04Z",
"generator": {
"date": "2026-05-21T12:33:04Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21741-1",
"initial_release_date": "2026-05-21T12:33:04Z",
"revision_history": [
{
"date": "2026-05-21T12:33:04Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python311-urllib3-2.1.0-slfo.1.1_5.1.noarch",
"product": {
"name": "python311-urllib3-2.1.0-slfo.1.1_5.1.noarch",
"product_id": "python311-urllib3-2.1.0-slfo.1.1_5.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-urllib3-2.1.0-slfo.1.1_5.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:python311-urllib3-2.1.0-slfo.1.1_5.1.noarch"
},
"product_reference": "python311-urllib3-2.1.0-slfo.1.1_5.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-44431",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-44431"
}
],
"notes": [
{
"category": "general",
"text": "urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:python311-urllib3-2.1.0-slfo.1.1_5.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-44431",
"url": "https://www.suse.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "SUSE Bug 1265267 for CVE-2026-44431",
"url": "https://bugzilla.suse.com/1265267"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:python311-urllib3-2.1.0-slfo.1.1_5.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:python311-urllib3-2.1.0-slfo.1.1_5.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-21T12:33:04Z",
"details": "important"
}
],
"title": "CVE-2026-44431"
}
]
}
SUSE-SU-2026:21955-1
Vulnerability from csaf_suse - Published: 2026-06-01 08:18 - Updated: 2026-06-01 08:18Summary
Security update for python-urllib3
Severity
Important
Notes
Title of the patch: Security update for python-urllib3
Description of the patch: This update for python-urllib3 fixes the following issue
- CVE-2026-44431: sensitive information disclosure due to sensitive headers being forwarded across origins in proxied
low-level redirects (bsc#1265267).
Patchnames: SUSE-SL-Micro-6.2-832
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:python313-urllib3-2.5.0-160000.6.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-urllib3",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-urllib3 fixes the following issue\n\n- CVE-2026-44431: sensitive information disclosure due to sensitive headers being forwarded across origins in proxied\n low-level redirects (bsc#1265267).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SL-Micro-6.2-832",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21955-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21955-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621955-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21955-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026554.html"
},
{
"category": "self",
"summary": "SUSE Bug 1265267",
"url": "https://bugzilla.suse.com/1265267"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-44431 page",
"url": "https://www.suse.com/security/cve/CVE-2026-44431/"
}
],
"title": "Security update for python-urllib3",
"tracking": {
"current_release_date": "2026-06-01T08:18:56Z",
"generator": {
"date": "2026-06-01T08:18:56Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21955-1",
"initial_release_date": "2026-06-01T08:18:56Z",
"revision_history": [
{
"date": "2026-06-01T08:18:56Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python313-urllib3-2.5.0-160000.6.1.noarch",
"product": {
"name": "python313-urllib3-2.5.0-160000.6.1.noarch",
"product_id": "python313-urllib3-2.5.0-160000.6.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.2",
"product": {
"name": "SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-urllib3-2.5.0-160000.6.1.noarch as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:python313-urllib3-2.5.0-160000.6.1.noarch"
},
"product_reference": "python313-urllib3-2.5.0-160000.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-44431",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-44431"
}
],
"notes": [
{
"category": "general",
"text": "urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:python313-urllib3-2.5.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-44431",
"url": "https://www.suse.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "SUSE Bug 1265267 for CVE-2026-44431",
"url": "https://bugzilla.suse.com/1265267"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:python313-urllib3-2.5.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:python313-urllib3-2.5.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T08:18:56Z",
"details": "important"
}
],
"title": "CVE-2026-44431"
}
]
}
SUSE-SU-2026:22003-1
Vulnerability from csaf_suse - Published: 2026-06-01 08:18 - Updated: 2026-06-01 08:18Summary
Security update for python-urllib3
Severity
Important
Notes
Title of the patch: Security update for python-urllib3
Description of the patch: This update for python-urllib3 fixes the following issue
- CVE-2026-44431: sensitive information disclosure due to sensitive headers being forwarded across origins in proxied
low-level redirects (bsc#1265267).
Patchnames: SUSE-SLES-16.0-832
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:python313-urllib3-2.5.0-160000.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:python313-urllib3-2.5.0-160000.6.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-urllib3",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-urllib3 fixes the following issue\n\n- CVE-2026-44431: sensitive information disclosure due to sensitive headers being forwarded across origins in proxied\n low-level redirects (bsc#1265267).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-832",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22003-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22003-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622003-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22003-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-June/047173.html"
},
{
"category": "self",
"summary": "SUSE Bug 1265267",
"url": "https://bugzilla.suse.com/1265267"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-44431 page",
"url": "https://www.suse.com/security/cve/CVE-2026-44431/"
}
],
"title": "Security update for python-urllib3",
"tracking": {
"current_release_date": "2026-06-01T08:18:56Z",
"generator": {
"date": "2026-06-01T08:18:56Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22003-1",
"initial_release_date": "2026-06-01T08:18:56Z",
"revision_history": [
{
"date": "2026-06-01T08:18:56Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python313-urllib3-2.5.0-160000.6.1.noarch",
"product": {
"name": "python313-urllib3-2.5.0-160000.6.1.noarch",
"product_id": "python313-urllib3-2.5.0-160000.6.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-urllib3-2.5.0-160000.6.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:python313-urllib3-2.5.0-160000.6.1.noarch"
},
"product_reference": "python313-urllib3-2.5.0-160000.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-urllib3-2.5.0-160000.6.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:python313-urllib3-2.5.0-160000.6.1.noarch"
},
"product_reference": "python313-urllib3-2.5.0-160000.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-44431",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-44431"
}
],
"notes": [
{
"category": "general",
"text": "urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:python313-urllib3-2.5.0-160000.6.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-urllib3-2.5.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-44431",
"url": "https://www.suse.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "SUSE Bug 1265267 for CVE-2026-44431",
"url": "https://bugzilla.suse.com/1265267"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:python313-urllib3-2.5.0-160000.6.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-urllib3-2.5.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:python313-urllib3-2.5.0-160000.6.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-urllib3-2.5.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T08:18:56Z",
"details": "important"
}
],
"title": "CVE-2026-44431"
}
]
}
SUSE-SU-2026:22011-1
Vulnerability from csaf_suse - Published: 2026-06-02 07:24 - Updated: 2026-06-02 07:24Summary
Security update for python-urllib3_1
Severity
Important
Notes
Title of the patch: Security update for python-urllib3_1
Description of the patch: This update for python-urllib3_1 fixes the following issue
- CVE-2026-44431: sensitive information disclosure due to sensitive headers being forwarded across origins in proxied
low-level redirects (bsc#1265267).
Patchnames: SUSE-SLES-16.0-859
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:python313-urllib3_1-1.26.20-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:python313-urllib3_1-1.26.20-160000.4.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-urllib3_1",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-urllib3_1 fixes the following issue\n\n- CVE-2026-44431: sensitive information disclosure due to sensitive headers being forwarded across origins in proxied\n low-level redirects (bsc#1265267).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-859",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22011-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22011-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622011-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22011-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-June/047165.html"
},
{
"category": "self",
"summary": "SUSE Bug 1265267",
"url": "https://bugzilla.suse.com/1265267"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-44431 page",
"url": "https://www.suse.com/security/cve/CVE-2026-44431/"
}
],
"title": "Security update for python-urllib3_1",
"tracking": {
"current_release_date": "2026-06-02T07:24:50Z",
"generator": {
"date": "2026-06-02T07:24:50Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22011-1",
"initial_release_date": "2026-06-02T07:24:50Z",
"revision_history": [
{
"date": "2026-06-02T07:24:50Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python313-urllib3_1-1.26.20-160000.4.1.noarch",
"product": {
"name": "python313-urllib3_1-1.26.20-160000.4.1.noarch",
"product_id": "python313-urllib3_1-1.26.20-160000.4.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-urllib3_1-1.26.20-160000.4.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:python313-urllib3_1-1.26.20-160000.4.1.noarch"
},
"product_reference": "python313-urllib3_1-1.26.20-160000.4.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-urllib3_1-1.26.20-160000.4.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:python313-urllib3_1-1.26.20-160000.4.1.noarch"
},
"product_reference": "python313-urllib3_1-1.26.20-160000.4.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-44431",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-44431"
}
],
"notes": [
{
"category": "general",
"text": "urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:python313-urllib3_1-1.26.20-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-urllib3_1-1.26.20-160000.4.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-44431",
"url": "https://www.suse.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "SUSE Bug 1265267 for CVE-2026-44431",
"url": "https://bugzilla.suse.com/1265267"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:python313-urllib3_1-1.26.20-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-urllib3_1-1.26.20-160000.4.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:python313-urllib3_1-1.26.20-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-urllib3_1-1.26.20-160000.4.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-02T07:24:50Z",
"details": "important"
}
],
"title": "CVE-2026-44431"
}
]
}
WID-SEC-W-2026-1923
Vulnerability from csaf_certbund - Published: 2026-06-14 22:00 - Updated: 2026-07-01 22:00Summary
Red Hat Ansible Automation Platform: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Red Hat Ansible Automation Platform ist eine End-to-End-Automatisierungsplattform für die Systemkonfiguration, die Softwarebereitstellung und die Orchestrierung erweiterter Workflows.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Red Hat Ansible Automation Platform ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Daten zu manipulieren und einen Denial-of-Service-Zustand herbeizuführen.
Betroffene Betriebssysteme: - Linux
- UNIX
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat Enterprise Linux 10
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10
|
10 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.7
Red Hat / Ansible Automation Platform
|
<2.7 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat Enterprise Linux 10
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10
|
10 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.7
Red Hat / Ansible Automation Platform
|
<2.7 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat Enterprise Linux 10
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10
|
10 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.7
Red Hat / Ansible Automation Platform
|
<2.7 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat Enterprise Linux 10
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10
|
10 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.7
Red Hat / Ansible Automation Platform
|
<2.7 |
References
52 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Ansible Automation Platform ist eine End-to-End-Automatisierungsplattform f\u00fcr die Systemkonfiguration, die Softwarebereitstellung und die Orchestrierung erweiterter Workflows.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Red Hat Ansible Automation Platform ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Daten zu manipulieren und einen Denial-of-Service-Zustand herbeizuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1923 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1923.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1923 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1923"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:25928 vom 2026-06-14",
"url": "https://access.redhat.com/errata/RHSA-2026:25928"
},
{
"category": "external",
"summary": "RedHat Customer Portal vom 2026-06-14",
"url": "https://access.redhat.com/security/cve/cve-2026-44188"
},
{
"category": "external",
"summary": "RedHat Customer Portal vom 2026-06-14",
"url": "https://access.redhat.com/security/cve/cve-2026-44431"
},
{
"category": "external",
"summary": "RedHat Customer Portal vom 2026-06-14",
"url": "https://access.redhat.com/security/cve/cve-2026-44432"
},
{
"category": "external",
"summary": "RedHat Customer Portal vom 2026-06-14",
"url": "https://access.redhat.com/security/cve/cve-2026-48526"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:25902 vom 2026-06-15",
"url": "https://access.redhat.com/errata/RHSA-2026:25902"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:11024-1 vom 2026-06-15",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HPO4YH435MYRJUUNUXTAXHTHN27D4LVS/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:26212 vom 2026-06-16",
"url": "https://access.redhat.com/errata/RHSA-2026:26212"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:26226 vom 2026-06-16",
"url": "https://access.redhat.com/errata/RHSA-2026:26226"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:26221 vom 2026-06-16",
"url": "https://access.redhat.com/errata/RHSA-2026:26221"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:26215 vom 2026-06-16",
"url": "https://access.redhat.com/errata/RHSA-2026:26215"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:26068 vom 2026-06-16",
"url": "https://access.redhat.com/errata/RHSA-2026:26068"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:26206 vom 2026-06-16",
"url": "https://access.redhat.com/errata/RHSA-2026:26206"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:26304 vom 2026-06-16",
"url": "https://access.redhat.com/errata/RHSA-2026:26304"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:24009 vom 2026-06-18",
"url": "https://access.redhat.com/errata/RHSA-2026:24009"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:24014 vom 2026-06-18",
"url": "https://access.redhat.com/errata/RHSA-2026:24014"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:24000 vom 2026-06-18",
"url": "https://access.redhat.com/errata/RHSA-2026:24000"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:7625 vom 2026-06-18",
"url": "https://access.redhat.com/errata/RHSA-2026:7625"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:7634 vom 2026-06-18",
"url": "https://access.redhat.com/errata/RHSA-2026:7634"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:27929 vom 2026-06-22",
"url": "https://access.redhat.com/errata/RHSA-2026:27929"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:28000 vom 2026-06-22",
"url": "https://access.redhat.com/errata/RHSA-2026:28000"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:28159 vom 2026-06-23",
"url": "https://access.redhat.com/errata/RHSA-2026:28159"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:28571 vom 2026-06-24",
"url": "https://access.redhat.com/errata/RHSA-2026:28571"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:28157 vom 2026-06-23",
"url": "https://access.redhat.com/errata/RHSA-2026:28157"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:28158 vom 2026-06-23",
"url": "https://access.redhat.com/errata/RHSA-2026:28158"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-26206 vom 2026-06-25",
"url": "https://linux.oracle.com/errata/ELSA-2026-26206.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:30088 vom 2026-06-25",
"url": "https://access.redhat.com/errata/RHSA-2026:30088"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:30087 vom 2026-06-25",
"url": "https://access.redhat.com/errata/RHSA-2026:30087"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:2627-1 vom 2026-06-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/027002.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-28158 vom 2026-06-26",
"url": "http://linux.oracle.com/errata/ELSA-2026-28158.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-28157 vom 2026-06-26",
"url": "http://linux.oracle.com/errata/ELSA-2026-28157.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:30076 vom 2026-06-25",
"url": "https://access.redhat.com/errata/RHSA-2026:30076"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:30089 vom 2026-06-25",
"url": "https://access.redhat.com/errata/RHSA-2026:30089"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:30078 vom 2026-06-25",
"url": "https://access.redhat.com/errata/RHSA-2026:30078"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4651 vom 2026-06-26",
"url": "https://lists.debian.org/debian-lts-announce/2026/06/msg00040.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-19355 vom 2026-06-27",
"url": "http://linux.oracle.com/errata/ELSA-2026-19355.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:32992 vom 2026-06-29",
"url": "https://access.redhat.com/errata/RHSA-2026:32992"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:33313 vom 2026-06-30",
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-32992 vom 2026-06-29",
"url": "https://linux.oracle.com/errata/ELSA-2026-32992.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:21095-1 vom 2026-06-30",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GTELHYNPNRASWLYH7QBSPJYKW3ZUSUQ6/"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:32992 vom 2026-07-01",
"url": "https://errata.build.resf.org/RLSA-2026:32992"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:33683 vom 2026-06-30",
"url": "https://access.redhat.com/errata/RHSA-2026:33683"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:34526 vom 2026-07-01",
"url": "https://access.redhat.com/errata/RHSA-2026:34526"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:34365 vom 2026-07-01",
"url": "https://access.redhat.com/errata/RHSA-2026:34365"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:34160 vom 2026-07-01",
"url": "https://access.redhat.com/errata/RHSA-2026:34160"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:34374 vom 2026-07-01",
"url": "https://access.redhat.com/errata/RHSA-2026:34374"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:34607 vom 2026-07-02",
"url": "https://access.redhat.com/errata/RHSA-2026:34607"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:34533 vom 2026-07-01",
"url": "https://access.redhat.com/errata/RHSA-2026:34533"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:34532 vom 2026-07-02",
"url": "https://access.redhat.com/errata/RHSA-2026:34532"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:34531 vom 2026-07-02",
"url": "https://access.redhat.com/errata/RHSA-2026:34531"
}
],
"source_lang": "en-US",
"title": "Red Hat Ansible Automation Platform: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-07-01T22:00:00.000+00:00",
"generator": {
"date": "2026-07-02T09:24:13.566+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1923",
"initial_release_date": "2026-06-14T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-06-14T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-06-15T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von European Union Vulnerability Database und openSUSE aufgenommen"
},
{
"date": "2026-06-16T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-18T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-22T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-23T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-24T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2026-06-25T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat, SUSE und Oracle Linux aufgenommen"
},
{
"date": "2026-06-28T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2026-06-29T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2026-06-30T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Rocky Enterprise Software Foundation und Red Hat aufgenommen"
},
{
"date": "2026-07-01T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "12"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.7",
"product": {
"name": "Red Hat Ansible Automation Platform \u003c2.7",
"product_id": "T055389"
}
},
{
"category": "product_version",
"name": "2.7",
"product": {
"name": "Red Hat Ansible Automation Platform 2.7",
"product_id": "T055389-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:2.7"
}
}
}
],
"category": "product_name",
"name": "Ansible Automation Platform"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "10",
"product": {
"name": "Red Hat Enterprise Linux 10",
"product_id": "T055390",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-44188",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T027843",
"T055390",
"T004914",
"T032255",
"T055389"
]
},
"release_date": "2026-06-14T22:00:00.000+00:00",
"title": "CVE-2026-44188"
},
{
"cve": "CVE-2026-44431",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T027843",
"T055390",
"T004914",
"T032255",
"T055389"
]
},
"release_date": "2026-06-14T22:00:00.000+00:00",
"title": "CVE-2026-44431"
},
{
"cve": "CVE-2026-44432",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T027843",
"T055390",
"T004914",
"T032255",
"T055389"
]
},
"release_date": "2026-06-14T22:00:00.000+00:00",
"title": "CVE-2026-44432"
},
{
"cve": "CVE-2026-48526",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T027843",
"T055390",
"T004914",
"T032255",
"T055389"
]
},
"release_date": "2026-06-14T22:00:00.000+00:00",
"title": "CVE-2026-48526"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…